OpenVPN for QNAP 209 II Pro
For OpenVPN Clients http://openvpn.net/gui.html
For OpenVPN Tarballs download from http://public.box.net/goran86293
SSL TarBall deployment information here: http://forum.qnap.com/viewtopic.php?f=90&t=2349&st=0&sk=t&sd=a
More infomation here regarding installing OpenVPN using ipkg: http://wiki.nas-portal.org/index.php/Install_OpenVPN_on_QNAP
My quick details below
tar -xvf /share/MD0_DATA/OpenVPN/openssl-0.9.8g.tar
tar -xvf /share/MD0_DATA/OpenVPN/openvpn-2.0.9.tar
tar -xvf /share/MD0_DATA/OpenVPN/tun.tar
export PATH=$PATH:/share/MD0_DATA/OpenVPN/openssl-0.9.8g/bin
cd openvpn-2.0.9/easy-rsa
vi vars (or edit via WinSCP)
edit the following variables:
export KEY_COUNTRY=SE
export KEY_PROVINCE=Sthlm
export KEY_CITY=City
export KEY_ORG=”qnap”
export KEY_EMAIL=” bob@mail.com”
. vars
./clean-all
./build-ca
./build-dh
./build-req qnap
./build-key-server qnap
./build-key [i]client1[/i]
cp -r keys ../../
create the following file /share/MD0_DATA/OpenVPN/server.conf containing
port 1194 �
dev tun �
tls-server �
mode server �
dh keys/dh1024.pem �
ca keys/ca.crt �
cert keys/qnap.crt �
key keys/qnap.key �
duplicate-cn �
ifconfig 10.50.0.1 10.50.0.2 �
ifconfig-pool 10.50.0.10 10.50.0.100 # IP range clients �
mtu-test �
#keep tunnel open by ping �
push “ping 10″ �
push “ping-restart 60″ �
ping 10 �
ping-restart 120 �
client-to-client �
#route to be established on the server �
route-up “route delete -net 10.50.0.0 netmask 255.255.255.0″ �
route-up “route add -net 10.50.0.0 netmask 255.255.255.0 tun0″ �
#route to push to clients �
#route to VPN network�
push “route 10.50.0.0 255.255.255.0″
#route to server network �
push “route 10.2.10.0 255.255.255.0″ #< — !!!Change this to your private network!!! �
comp-lzo �
status-version 2 �
status openvpn-status.log �
log openvpn.log �
verb 3
**********************************************************
create or edit the following file /share/MD0_DATA/OpenVPN/qnap.ovpn containing
client
dev tun
proto udp
remote nas.tsls.co.uk 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
comp-lzo
verb 1
********************************************************
create or edit the following file /share/MD0_DATA/OpenVPN/openvpn.sh containing
#openvpn.sh
#!/bin/sh
# openvpn config file directory and binary
dir=/share/MD0_DATA/OpenVPN
openvpn=/share/MD0_DATA/OpenVPN/openvpn-2.0.9/sbin/openvpn
�
#See how we were called. �
case “$1″ in �
start) �
# load TUN/TAP kernel module
lsmod | grep -q tun
if [ $? = 1 ]; then
mkdir -p /dev/net;
mknod /dev/net/tun c 10 200;
insmod $dir/tun/tun.ko;
fi
�
# enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
�
# Invoke openvpn for each VPN tunnel
# in daemon mode. Alternatively,
# you could remove “–daemon” from
# the command line and add “daemon”
# to the config file.
#
# Each tunnel should run on a separate
# UDP port. Use the “port” option
# to control this. Like all of
# OpenVPN’s options, you can
# specify “–port 8000″ on the command
# line or “port 8000″ in the config
# file.
$openvpn –cd $dir –daemon –config server.conf
;;
stop)
# stop all openvpn processes
killall -q -TERM openvpn�
�
# let it finish
sleep 2
�
# unload the kernel tun module
lsmod |grep -q tun
if [ $? = 0 ]; then
rmmod tun�
rm -fr /dev/net
fi
;;�
restart) �
$0 stop �
sleep 2 �
$0 start �
;;
*) �
echo “Usage: openvpn {start|stop|restart}”
exit 1 �
;; �
esac �
exit 0
*****************************
cd /share/MD0_DATA/OpenVPN
chmod +x openvpn.sh
then use:
./openvpn.sh start
and
./openvpn.sh stop
cd /etc/init.d
ln -s /share/MD0_DATA/OpenVPN/openvpn.sh openvpn.sh
