Difference between revisions of "ChaosVPN:OpenWRTHowto"

From CCCHHWiki
m (Interim save)
(added some network config infos)
Line 9: Line 9:
  
 
= 1. Preparations =
 
= 1. Preparations =
 +
In five steps. Really.
 
== 1. Get Started ==
 
== 1. Get Started ==
 
* Unpack your Router and power on
 
* Unpack your Router and power on
Line 57: Line 58:
  
 
= 2. Configure a ChaosVPN-only access node =
 
= 2. Configure a ChaosVPN-only access node =
 +
Use either Webclient or [[http://wiki.openwrt.org/doc/howto/generic.backup | Console Backup]] continously
 +
== 1. Add Interface ==
 +
* Go to ''Network -> Interfaces''
 +
* Klick ''Add new interface..'' Button at the bottom of the page
 +
* Type ''ChaosVPN'' into name field
 +
* Select ''Unmanaged''
 +
* Select ''Ethernet Adapter: "chaos_vpn"''
 +
* Save
  
 +
== 2. Add Zone for [[ChaosVPN]] ==
 +
* Go to ''Network -> Firewall''
 +
* In the ''Zones'' Tab, klick ''Add''
 +
* Type ''ChaosVPN'' into name field
 +
* At ''Covered Networks'' select ''ChaosVPN''
  
 +
'''The following is varies with your persional use case - please post your configuration with an short description if you like'''
 +
The default WAN will be still reachable via wired network.
 +
The wireless network will have no access to WAN - ChaosVPN only.
 +
At any state you can use the IP 192.168.1.1 to reach your router.
 +
'''Pressing save will only cache the setting - press ''apply'' to make sure settings are set'''
 +
== 3. Make WLAN an [[ChaosVPN]] only AP ==
 +
* Go to ''Network -> Interfaces''
 +
* Klick ''Add new interface''
 +
* Type ''wlan'' into name field
 +
* Select ''Static address''
 +
* Check ''Create a bridge'' if you like to bridge 2.4GhZ and 5GhZ
 +
* Select (both) wlan devices
 +
 +
 +
* In Edit mask
 +
*<pre> IPv4 Address: 172.31.<your subnet>.[1-255] </pre>
 +
* '''this must not be the ip of chaosvpn device!''
 +
* <pre>Netmask: 255.255.255.0</pre>
 +
 +
 +
* Add a DHCP Server to server some addresses in range 100-150
 +
* ''Advanced Settings'' to propagate internal nameservers
 +
*<pre>DHCP Options: 6,172.31.116.1,195.24.78.86,172.22.228.6</pre>
 +
 +
* Go to ''Network -> Firewall''
 +
* In the ''Zones'' Tab, klick ''Add''
 +
* Type ''wlan'' into name field
 +
* At ''Covered Networks'' select ''wlan'' device
 +
* Check ''Allow forward to destination zones: ChaosVPN''
 +
 +
== 4. Save & Apply & ReConnect & ReBoot | ReTry ==
  
 
... to be continued
 
... to be continued
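
Review bot: the link in the added line "Use either Webclient or [[http://wiki.openwrt.org/doc/howto/generic.backup | Console Backup]]" is written with double brackets and a pipe, and the revision text below shows it rendering as "[| Console Backup]" with the URL lost; an external link takes single brackets with a space before the label. In the same hunk, the added warning "'''this must not be the ip of chaosvpn device!''" opens with three quotes and closes with two, which leaves a stray quote in the rendered list. "Klick", "continously", "persional" and "server some addresses" are worth fixing in the same pass.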

Revision as of 01:07, 14 April 2012

This is a Howto for setting up an independent box that provides you with ChaosVPN.


0. Fulfil Requirements

  • Buy Hardware [WNDR3800] or some equivalent
  • You must have read the basic Howto carefully
  • Generate your keys, choose a nodename and subnet, and send your pubkey to the ChaosVPN team

1. Preparations

In five steps. Really.

1. Get Started

  • Unpack your Router and power on
  • Connect wired or wireless (use information provided with your router)
  • Go directly to your router's web interface (192.168.1.1 or 192.168.178.1) and search for something like System -> Firmware Upgrade
  • (There is no need to change any of the configuration)

2. Install OpenWRT

  • Download [OpenWRT for WNDR3800] and upload the Image in your Webinterface
  • Press Start
  • DO NOT REBOOT, POWER OFF OR DO ANYTHING ELSE
  • Wait until done (Power LED should not flash)

3. Start and Setup OpenWRT

  • Restart the network connection between PC <-> Router
  • telnet 192.168.1.1
  • passwd #set a root password 
  • REMEMBER IT
  • Connect the yellow (WAN) port on your router to current infrastructure
  • Go to Webinterface at 192.168.1.1
  • Go to Network -> Interfaces and activate WAN Connection with DHCP or your custom internet configuration
  • Navigate to System -> Software and press Update Lists
  • Press Available Software tab and select C
  • Search for ChaosVPN and press install

(I did also install screen at this point)

4. Prepare for launch

  • ssh root@192.168.1.1 # telnet won't work anymore
  • Edit the top part of /etc/tinc/chaosvpn.conf:

    $my_peerid = <nodename>
    $my_vpn_ip = 172.31.<your Subnet>.[1-255]

  • Copy your keys over to the OpenWRT box, then delete the local copies:

    # scp /etc/tinc/chaos/rsa_key.p* root@192.168.1.1:/etc/tinc/chaos
    # rm /etc/tinc/chaos/rsa_key.p*

5. Lift off

  • Start chaosvpn:

    /etc/init.d/chaosvpn start

...be prepared for 150 new route entries

2. Configure a ChaosVPN-only access node

Use either the web client or Console Backup (http://wiki.openwrt.org/doc/howto/generic.backup) continuously

1. Add Interface

  • Go to Network -> Interfaces
  • Click the Add new interface.. button at the bottom of the page
  • Type ChaosVPN into name field
  • Select Unmanaged
  • Select Ethernet Adapter: "chaos_vpn"
  • Save

2. Add Zone for ChaosVPN

  • Go to Network -> Firewall
  • In the Zones tab, click Add
  • Type ChaosVPN into name field
  • At Covered Networks select ChaosVPN

The following varies with your personal use case - please post your configuration with a short description if you like.

The default WAN will still be reachable via the wired network. The wireless network will have no access to WAN - ChaosVPN only. At any stage you can use the IP 192.168.1.1 to reach your router.

Pressing save will only cache the setting - press apply to make sure the settings are set.

3. Make WLAN a ChaosVPN-only AP

  • Go to Network -> Interfaces
  • Click Add new interface
  • Type wlan into name field
  • Select Static address
  • Check Create a bridge if you like to bridge 2.4 GHz and 5 GHz
  • Select (both) wlan devices


  • In the edit mask:
  • IPv4 Address: 172.31.<your subnet>.[1-255]
  • This must not be the IP of the chaosvpn device!
  • Netmask: 255.255.255.0


  • Add a DHCP server to serve some addresses in range 100-150
  • Advanced Settings to propagate internal nameservers
  • DHCP Options: 6,172.31.116.1,195.24.78.86,172.22.228.6
  • Go to Network -> Firewall
  • In the Zones tab, click Add
  • Type wlan into name field
  • At Covered Networks select wlan device
  • Check Allow forward to destination zones: ChaosVPN
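
The LuCI steps in 1 to 3 above correspond to a small set of UCI settings. As an added example (not part of the wiki page or the ChaosVPN project), the shell function below prints them as `uci batch` commands and enforces the rule that the AP address must differ from the chaosvpn device IP; the function name, the zone policies, the wifi-iface indexes and the DHCP `limit` of 51 (addresses 100 to 150) are assumptions.

```shell
# Added example (not from the wiki page): print `uci batch` commands for the
# section 2 LuCI steps. Zone policies and wifi-iface indexes are assumptions.
# usage: gen_chaosvpn_ap <subnet> <wlan host octet> <host octet of $my_vpn_ip>
gen_chaosvpn_ap() {
    subnet=$1; host=$2; vpn_host=$3
    for n in "$subnet" "$host" "$vpn_host"; do
        case $n in ''|*[!0-9]*|????*) echo "bad octet: '$n'" >&2; return 1;; esac
    done
    [ "$subnet" -le 255 ] || { echo "subnet must be 0-255" >&2; return 1; }
    # With netmask 255.255.255.0, .0 and .255 are not usable host addresses.
    { [ "$host" -ge 1 ] && [ "$host" -le 254 ]; } ||
        { echo "host octet must be 1-254" >&2; return 1; }
    # Rule from the page: the AP address must not be the chaosvpn device IP.
    [ "$host" -ne "$vpn_host" ] ||
        { echo "wlan IP equals the chaosvpn device IP" >&2; return 1; }
    cat <<EOF
set network.ChaosVPN=interface
set network.ChaosVPN.proto=none
set network.ChaosVPN.ifname=chaos_vpn
set network.wlan=interface
set network.wlan.proto=static
set network.wlan.type=bridge
set network.wlan.ipaddr=172.31.$subnet.$host
set network.wlan.netmask=255.255.255.0
set wireless.@wifi-iface[0].network=wlan
set wireless.@wifi-iface[1].network=wlan
set dhcp.wlan=dhcp
set dhcp.wlan.interface=wlan
set dhcp.wlan.start=100
set dhcp.wlan.limit=51
add_list dhcp.wlan.dhcp_option=6,172.31.116.1,195.24.78.86,172.22.228.6
add firewall zone
set firewall.@zone[-1].name=ChaosVPN
set firewall.@zone[-1].network=ChaosVPN
set firewall.@zone[-1].input=REJECT
set firewall.@zone[-1].output=ACCEPT
set firewall.@zone[-1].forward=REJECT
add firewall zone
set firewall.@zone[-1].name=wlan
set firewall.@zone[-1].network=wlan
set firewall.@zone[-1].input=ACCEPT
set firewall.@zone[-1].output=ACCEPT
set firewall.@zone[-1].forward=REJECT
add firewall forwarding
set firewall.@forwarding[-1].src=wlan
set firewall.@forwarding[-1].dest=ChaosVPN
commit
EOF
}
```

On the router, `gen_chaosvpn_ap 42 1 2 | uci batch` writes the settings (42, 1 and 2 are constructed values). Because only a wlan -> ChaosVPN forwarding is created, wireless clients get no path to WAN, matching the behaviour described above.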

4. Save & Apply & ReConnect & ReBoot | ReTry

... to be continued