31,703
edits
Changes
no edit summary
# The options that go into an OpenVPN server are standard OpenWRT OpenVPN server options. If you do not posses all the required information needed to create an OpenVPN server, visit this OpenWRT guide: [https://wiki.openwrt.org/doc/howto/vpn.openvpn OpenVPN Setup Guide for Beginners].
# The options that go into an OpenVPN server are standard OpenWRT OpenVPN server options. If you do not posses all the required information needed to create an OpenVPN server, visit this OpenWRT guide: [https://wiki.openwrt.org/doc/howto/vpn.openvpn OpenVPN Setup Guide for Beginners].
# Note that I added two values to the list named '''push'''. As mentioned before, when adding values to list-type parameters use separate commands for separate values. If the value has space (as in the example above) use quotation marks around the value ("''<value>''").
# Note that I added two values to the list named '''push'''. As mentioned before, when adding values to list-type parameters use separate commands for separate values. If the value has a space in it (as in the example above) use quotation marks around the value ("''<value>''").
# Depending on your chosen authentication, the OpenVPN server instance might use certificate files for authentication with clients. A TLS server, as in our case, uses '''Certificate authority''' (''.crt''), '''Server certificate''' (''.crt''), '''Server key''' (''.key'') and '''Diffie Hellman Parameters''' (''.pem'') files for authentication. A Static Key server uses a '''Static Key''' (''.key'') file for authentication. In the example above I had all the files upload beforehand to ''/lib/uci/upload'', so the commands that I used only provided the server's config with the paths to the files. When creating your own OpenVPN server you will have to generate your own certificates and upload the to ''/lib/uci/upload'' (the default directory for certificates) or somewhere else, but make sure to specify the correct path. To upload files to the router use the '''scp''' command if you're working with a Linux type OS or use software called '''WinSCP''' if you are using Windows OS. Or use Easy-RSA to create certificates within the router. The newly created certificates will appear in '''/etc/easy-rsa/keys'''. You can create certificates with these commands:
# Depending on your chosen authentication, the OpenVPN server instance might use certificate files for authentication with clients. A TLS server, as in our case, uses '''Certificate authority''' (''.crt''), '''Server certificate''' (''.crt''), '''Server key''' (''.key'') and '''Diffie Hellman Parameters''' (''.pem'') files for authentication. A Static Key server uses a '''Static Key''' (''.key'') file for authentication. In the example above I had all the files upload beforehand to ''/lib/uci/upload'', so the commands that I used only provided the server's config with the paths to the files. When creating your own OpenVPN server you will have to generate your own certificates and upload the to ''/lib/uci/upload'' (the default directory for certificates) or somewhere else, but make sure to specify the correct path. To upload files to the router use the '''scp''' command if you're working with a Linux type OS or use software called '''WinSCP''' if you are using Windows OS. Or use Easy-RSA to create certificates within the router. The newly created certificates will appear in '''/etc/easy-rsa/keys'''. You can create certificates with these commands:
build-key-server my-server
build-key-server my-server
build-key-pkcs12 my-client
build-key-pkcs12 my-client
==Additional examples==
If the examples and explanations provided above did not suffice, we are providing this section of some additional ones in hopes to give you a better grasp of the syntax of UCI command usage.
===Site Blocking===
This example will provide instructions on how to enable RUT routers' Site Blocking feature and how to add hostnames to the Blacklist or Whitelist. Let's say for the sake of our example that you want to create a Blacklist that excludes access to all sites contained within the list. The sites in question are <nowiki>www.facebook.com</nowiki>, <nowiki>www.youtube.com</nowiki> and <nowiki>9gag.com</nowiki>.
To achieve such a task, the first relevant piece of required information is the config name, '''hostblock''', where all the necessary configuration lines are stored. The next important thing to know is that each different website must be stored in a separate section of the type '''block'''. So we'll need to create a new section and enable each added element. Let's start:
First element:
# uci add hostblock block
# uci set hostblock.@block[0].host=www.facebook.com
# uci set hostblock.@block[0].enabled=1
Second element:
# uci add hostblock block
# uci set hostblock.@block[1].host=www.youtube.com
# uci set hostblock.@block[1].enabled=1
Third element:
# uci add hostblock block
# uci set hostblock.@block[2].host=9gag.com
# uci set hostblock.@block[2].enabled=1
Enabling Site Blocking:
# uci set hostblock.config.enabled=1
Last steps:
# uci commit hostblock
# luci-reload
