this is a uci-defaults script for an openvpn client (from circa May 2018, you need to provide your own value for openvpn.foo.remote=${your-openvpn-server}, and you need to provide your own /etc/openvpn/keys/ca.crt, /etc/openvpn/keys/client.crt, and /etc/openvpn/keys/client.key):

#!/bin/sh
uci batch <<EOF
delete openvpn.custom_config
delete openvpn.sample_server
delete openvpn.sample_client
set openvpn.foo=openvpn
set openvpn.foo.enabled=1
set openvpn.foo.client='1'
set openvpn.foo.dev='tun'
set openvpn.foo.proto='udp'
set openvpn.foo.remote=${your-openvpn-server}
set openvpn.foo.resolve_retry='infinite'
set openvpn.foo.nobind='1'
set openvpn.foo.persist_key='1'
set openvpn.foo.persist_tun='0'
set openvpn.foo.keepalive='10 120'
set openvpn.foo.remote_cert_tls=server
set openvpn.foo.ca='/etc/openvpn/keys/ca.crt'
set openvpn.foo.cert='/etc/openvpn/keys/client.crt'
set openvpn.foo.key='/etc/openvpn/keys/client.key'
set openvpn.foo.compress='lzo'
commit openvpn
add firewall zone
set firewall.@zone[-1].input='ACCEPT'
set firewall.@zone[-1].forward='REJECT'
set firewall.@zone[-1].output='ACCEPT'
set firewall.@zone[-1].name='vpn'
set firewall.@zone[-1].masq='1'
set firewall.@zone[-1].mtu_fix='1'
set firewall.@zone[-1].network='vpn'
add firewall forwarding
set firewall.@forwarding[-1].dest='vpn'
set firewall.@forwarding[-1].src='lan'
commit firewall
EOF

No warranty!

On Sun, Feb 20, 2022 at 7:10 PM Russell Senior <russ...@personaltelco.net> wrote:
>
> I am not sure what it's called, tunnel maybe? It is feasible. These
> days wireguard is maybe the "cooler" option. Over at Personal Telco
> land, we are still using OpenVPN because it can handle broadcast or
> multicast traffic or something, which wireguard can't, and we need it
> for the dynamic routing protocol (OLSR) we use. But, I could probably
> give you an OpenWrt config that would work (not from memory, but
> looking at previous examples).
>
> --
> Russell Senior
> russ...@personaltelco.net
>
> On Sun, Feb 20, 2022 at 6:57 PM Eric House <eeho...@eehouse.org> wrote:
> >
> > I'm visiting my daughter in Spain next month, and thought it'd be fun to
> > leave her with a little device that takes her home, as it were: a
> > GL-MT300N-V2 that when connected via Ethernet to her ISP's WAN port becomes
> > a wifi access point that routes all its traffic through our place in
> > Corvallis.
> >
> > I've joined residences using OpenVPN before, but a quick look at the docs
> > suggests that most users of VPNs on OpenWRT are connecting to a commercial
> > VPN host rather than to another OpenWRT instance.
> >
> > First question: is what I want to do feasible/possible? (I suspect that the
> > $25 device I'm starting with will not support a heavy load very well.
> > That's ok: she can upgrade if the concept works out.)
> >
> > Second, is there a name for what I'm trying to do? Usually when I can't
> > find answers on Google it's because I don't know what to ask for.
> >
> > Thanks!
> >
> > --Eric
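
A pre-flight check for the three files the script above expects under /etc/openvpn/keys/, as an added example that is not part of the original message. The function names are hypothetical, the sample files are constructed placeholders, and it assumes the usual `ls -l` mode string format.

```shell
#!/bin/sh
# Added example (not from the original post). The default directory is the one
# the script uses; the function names are hypothetical.

# True if FILE ($1) contains a "-----BEGIN <label>-----" line matching regex $2.
has_pem_header() {
    grep -Eq -- "^-----BEGIN ($2)-----" "$1"
}

# True if FILE ($1) grants no permission bits to group or other.
private_to_owner() {
    # "ls -ld" prints e.g. "-rw-------"; characters 5-10 are the group/other bits.
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Prints one line per problem; return status is the number of problems found.
check_openvpn_client_files() {
    dir=${1:-/etc/openvpn/keys}
    problems=0
    for f in ca.crt client.crt client.key; do
        path="$dir/$f"
        if [ ! -s "$path" ]; then
            echo "missing or empty: $path"
            problems=$((problems + 1))
            continue
        fi
        case $f in
            *.key) label='(RSA |EC |ENCRYPTED )?PRIVATE KEY' ;;
            *)     label='CERTIFICATE' ;;
        esac
        if ! has_pem_header "$path" "$label"; then
            echo "no PEM header for $label: $path"
            problems=$((problems + 1))
        fi
        if [ "$f" = client.key ] && ! private_to_owner "$path"; then
            echo "readable by group/other, chmod 600 it: $path"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Constructed sample input: placeholder files, not real keys or certificates.
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' > "$demo/ca.crt"
printf '%s\n' '-----BEGIN CERTIFICATE-----' > "$demo/client.crt"
printf '%s\n' '-----BEGIN PRIVATE KEY-----' > "$demo/client.key"
chmod 644 "$demo/client.key"
check_openvpn_client_files "$demo" || echo "problems found: $?"
rm -rf "$demo"
```

On the router, calling `check_openvpn_client_files` with no argument checks /etc/openvpn/keys.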