Ich besitze einen Router mit DD-WRT-Firmware. Dazu habe ich ein kleines Startskript, das einen OpenVPN-Client startet und meinen LAN-Traffic ins VPN leitet – funktioniert tadellos!
Startup Script
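#!/bin/sh
# DD-WRT startup script: generates an OpenVPN client configuration under
# /tmp/openvpncl, writes the credential file, the CA file and the route hooks,
# then starts the client so that traffic leaving through tun0 is masqueraded.
# Every file is created under /tmp and is rebuilt each time the script runs.

# --- Connection settings (edit these) ---------------------------------------
SERVER="vpnserver"
PROTOCOL="udp"
PORT="1234"
# NOTE(review): the VPN credentials are kept in clear text in this script, so
# they are readable wherever the startup script itself is stored.
USER="username"
PASS="pwd"

CONF_DIR="/tmp/openvpncl"
AUTH_FILE="/tmp/auth.conf"

# -p: do not fail when the directory is left over from an earlier run.
mkdir -p "$CONF_DIR" || exit 1

# --- Client configuration ---------------------------------------------------
# Written in one piece so a failed write cannot leave a half-built config.
# NOTE(review), directives worth re-checking against the installed OpenVPN
# version and the server side:
#   script-security 3 system  level 3 additionally lets passwords reach
#                             scripts via the environment; the hooks below
#                             only call iptables, so level 2 is presumably
#                             enough. The "system" method flag is believed to
#                             be rejected by newer releases - confirm.
#   comp-lzo                  compression inside the tunnel is exposed to
#                             compression-oracle attacks (VORACLE) and is
#                             deprecated upstream; must match the server.
#   cipher / keysize          must match the server; keysize is deprecated in
#                             newer releases.
cat > "$CONF_DIR/openvpn.conf" <<EOF
client
dev tun
proto $PROTOCOL
remote $SERVER $PORT
resolv-retry infinite
nobind
persist-key
persist-tun
persist-remote-ip
tun-mtu 1500
ca $CONF_DIR/ca.crt
remote-cert-tls server
auth-user-pass $AUTH_FILE
comp-lzo
verb 3
auth SHA256
cipher AES-256-CBC
keysize 256
script-security 3 system
log $CONF_DIR/openvpn.log
daemon
status-version 3
status $CONF_DIR/status.log 5
EOF

# --- Credentials ------------------------------------------------------------
# Create the file under a restrictive umask so it is never readable by others,
# not even between creation and the chmod. A here-document is used instead of
# `echo -e` so backslashes in the password are written literally.
rm -f "$AUTH_FILE"
(
  umask 077
  cat > "$AUTH_FILE" <<EOF
$USER
$PASS
EOF
)
chmod 600 "$AUTH_FILE"

# --- CA certificate ---------------------------------------------------------
# Placeholder: the base64 body of the provider's CA certificate has to be
# inserted between the two marker lines. With an empty certificate the server
# cannot be verified and the connection will not come up.
cat > "$CONF_DIR/ca.crt" <<'EOF'
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
EOF
chmod 644 "$CONF_DIR/ca.crt"

touch "$CONF_DIR/openvpn.log"
chmod 664 "$CONF_DIR/openvpn.log"

# --- Route hooks ------------------------------------------------------------
# route-up: NAT everything leaving via tun0.
# NOTE(review): the INPUT rule accepts every packet that arrives on tun0 and
# is addressed to the router itself, so the router's own services become
# reachable from the VPN side. Narrow or drop it if that is not intended.
cat > "$CONF_DIR/route-up.sh" <<'EOF'
#!/bin/sh
iptables -I POSTROUTING -t nat -o tun0 -j MASQUERADE
iptables -I INPUT -t filter -i tun0 -j ACCEPT
EOF

# route-down: remove exactly the two rules inserted by route-up.
cat > "$CONF_DIR/route-down.sh" <<'EOF'
#!/bin/sh
sleep 2
iptables -D POSTROUTING -t nat -o tun0 -j MASQUERADE
iptables -D INPUT -t filter -i tun0 -j ACCEPT
EOF
chmod 700 "$CONF_DIR/route-up.sh"
chmod 700 "$CONF_DIR/route-down.sh"

# --- Start the client -------------------------------------------------------
# Launched from a backgrounded subshell so the startup script returns at once.
(openvpn --config "$CONF_DIR/openvpn.conf" --ca "$CONF_DIR/ca.crt" --route-up "$CONF_DIR/route-up.sh" --down-pre "$CONF_DIR/route-down.sh" &)
exit 0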
danke und lG
fudge