This wiki is an archive up to 2023. The current wiki can be found at https://wiki.hamburg.ccc.de/
ChaosVPN:OpenWRTHowto
Revision as of 01:21, 14 April 2012 by Waldmeister (→4. Save & Apply & ReConnect & ReBoot | ReTry)
This is a howto for setting up an independent box providing ChaosVPN
0. Fulfil Requirements
- Buy Hardware [WNDR3800] or some equivalent
- You must have read the basic Howto precisely
- Generate your keys, choose nodename and subnet and send pubkey to ChaosVPN team
1. Preparations
In five steps. Really.
1. Get Started
- Unpack your Router and power on
- Connect wired or wireless (use information provided with your router)
- Go directly to your router's web interface (192.168.1.1 or 192.168.178.1) and search for something like System -> Firmware Upgrade
- (There is no need to change any of the configuration)
2. Install OpenWRT
- Download [OpenWRT for WNDR3800] and upload the image in your web interface
- Press Start
- DO NOT REBOOT, POWEROFF OR ELSE
- Wait until done (Power LED should not flash)
3. Start and Setup OpenWRT
- Restart the network connection between PC <-> Router
telnet 192.168.1.1
passwd #set a root password
- REMEMBER IT
- Connect the yellow (WAN) port on your router to current infrastructure
- Go to the web interface at 192.168.1.1
- Go to Network -> Interfaces and activate WAN Connection with DHCP or your custom internet configuration
- Navigate to System -> Software and press Update Lists
- Press Available Software tab and select C
- Search for ChaosVPN and press install
(I did also install screen at this point)
4. Prepare for launch
ssh root@192.168.1.1 # telnet won't work anymore
- edit the top part of
/etc/tinc/chaosvpn.conf
$my_peerid = <nodename>
$my_vpn_ip = 172.31.<your Subnet>.[1-255]
- Copy over your keys to OpenWRT Box
# scp /etc/tinc/chaos/rsa_key.p* root@192.168.1.1:/etc/tinc/chaos
# rm /etc/tinc/chaos/rsa_key.p*
5. Lift off
- start chaosvpn
/etc/init.d/chaosvpn start
...be prepared for 150 new route entries
2. Configure a Moonlander
While building a ChaosVPN-only access node, use either Webclient or [Console Backup] continuously
1. Add Interface for ChaosVPN
- Go to Network -> Interfaces
- Click the Add new interface... button at the bottom of the page
- Type ChaosVPN into name field
- Select Unmanaged
- Select Ethernet Adapter: "chaos_vpn"
- Save
2. Add Zone for ChaosVPN
- Go to Network -> Firewall
- In the Zones tab, click Add
- Type ChaosVPN into name field
- At Covered Networks select ChaosVPN
3. Make WLAN a ChaosVPN-only AP
Caution! Pozor!
- The following varies with your personal use case - please post your configuration with a short description if you like
- The default WAN will still be reachable via wired network.
- The wireless network will have no access to WAN - ChaosVPN only.
- At any stage you can use the IP 192.168.1.1 to reach your router.
- Pressing save will only cache the setting - press apply to make sure settings are set
- Go to Network -> Interfaces
- Click Add new interface
- Type wlan into name field
- Select Static address
- Check Create a bridge if you like to bridge 2.4 GHz and 5 GHz
- Select (both) wlan devices
- In Edit mask
IPv4 Address: 172.31.<your subnet>.[1-255] //this must not be the ip of chaosvpn device!
Netmask: 255.255.255.0
- Add a DHCP Server to serve some addresses in range 100-150
- Advanced Settings to propagate internal nameservers
DHCP Options: 6,172.31.116.1,195.24.78.86,172.22.228.6
- Go to Network -> Firewall
- In the Zones tab, click Add
- Type wlan into name field
- At Covered Networks select wlan device
- Check Allow forward to destination zones: ChaosVPN
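One way to check the "ChaosVPN only" property of the wlan zone once the settings are applied, as an added example that is not part of the original howto: the function reads the output of uci show firewall and lists every forwarding from wlan to a zone other than ChaosVPN. It assumes the zones are named exactly wlan and ChaosVPN as typed above and looks at forwarding sections only; the function name and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original howto.
# leaky_forwardings SRC ALLOWED_DEST
# Reads `uci show firewall` output on stdin and prints "SRC -> DEST" for
# every forwarding from zone SRC to a zone other than ALLOWED_DEST.
# No output means SRC can be forwarded only into ALLOWED_DEST.
leaky_forwardings() {
    awk -v src="$1" -v ok="$2" -v q="'" '
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = substr($0, 1, eq - 1)
        val = substr($0, eq + 1)
        gsub(q, "", val)          # newer uci quotes values, older does not
        n = split(key, p, /[.]/)
        if (n == 2 && val == "forwarding") {   # section header line
            isfwd[p[2]] = 1
            order[++cnt] = p[2]
        } else if (n == 3 && isfwd[p[2]]) {    # option inside a forwarding
            if (p[3] == "src")  s[p[2]] = val
            if (p[3] == "dest") d[p[2]] = val
        }
    }
    END {
        for (i = 1; i <= cnt; i++) {
            k = order[i]
            if (s[k] == src && d[k] != ok) print s[k] " -> " d[k]
        }
    }'
}

# Constructed sample in `uci show firewall` format (not from a real box).
SAMPLE_OK="firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'
firewall.@forwarding[1]=forwarding
firewall.@forwarding[1].src='wlan'
firewall.@forwarding[1].dest='ChaosVPN'"

# Same sample plus a forwarding that would give the wireless zone WAN access.
SAMPLE_LEAK="$SAMPLE_OK
firewall.@forwarding[2]=forwarding
firewall.@forwarding[2].src=wlan
firewall.@forwarding[2].dest=wan"

# On the router: uci show firewall | leaky_forwardings wlan ChaosVPN
printf '%s\n' "$SAMPLE_LEAK" | leaky_forwardings wlan ChaosVPN
```

An empty result on the router matches the statement above that the wireless network reaches ChaosVPN only; any printed line names a forwarding to remove.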
4. Save & Apply & ReConnect & ReBoot | ReTry
ping irc.hackint.hack
- tests your successful landing with stable communication uplink
... to be continued