{"id":1053,"date":"2019-12-07T11:02:03","date_gmt":"2019-12-07T20:02:03","guid":{"rendered":"\/blog\/?p=1053"},"modified":"2023-12-21T14:53:18","modified_gmt":"2023-12-21T05:53:18","slug":"wevo-11ac-nas-openvpn-%ec%9d%b8%ec%a6%9d%ec%84%9c-%ec%84%a4%ec%a0%95%ed%8c%8c%ec%9d%bcovpn-%eb%a7%8c%eb%93%a4%ea%b8%b0","status":"publish","type":"post","link":"https:\/\/hasu0707.duckdns.org\/blog\/?p=1053","title":{"rendered":"[WeVO 11AC NAS] OpenVPN \uc778\uc99d\uc11c \uc124\uc815\ud30c\uc77c(ovpn) \ub9cc\ub4e4\uae30"},"content":{"rendered":"\n<p>setup_openwrt_openvpn_conf.sh<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"bash\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">#!\/bin\/sh\n######################################################################\n#\n# OpenWRT OpenVPN \uc124\uc815 \uc2a4\ud06c\ub9bd\ud2b8\n#\n# OpenVPN \uc11c\ubc84 \uc124\uc815\uacfc \ud074\ub77c\uc774\uc5b8\ud2b8\uc6a9 ovpn\uc744 \uc0dd\uc131\ud55c\ub2e4.\n#\n######################################################################\n\nMY_DDNS=\"hasu0707.duckdns.org\"\n\n######################################################################\n#\n# OpenVPN \uc11c\ubc84 \uc14b\ud305\n#\n######################################################################\n# TLS PSK (tls-crypt key): not generated here; the existing ${OVPN_PKI}\/tc.pem is read below\n# Configuration parameters\nOVPN_DIR=\"\/etc\/openvpn\"\nOVPN_PKI=\"\/etc\/easy-rsa\/pki\"\nOVPN_DEV=\"tun\"\nOVPN_PORT=\"1194\"\nOVPN_PROTO=\"udp\"\nOVPN_POOL=\"10.8.0.0 255.255.255.0\"\nOVPN_DNS=\"${OVPN_POOL%.* *}.1\"\nOVPN_DOMAIN=\"lan\"\nOVPN_DH=\"$(cat ${OVPN_PKI}\/dh.pem)\"\nOVPN_TC=\"$(sed -e \"\/^#\/d;\/^\\w\/N;s\/\\n\/\/\" ${OVPN_PKI}\/tc.pem)\"\nOVPN_CA=\"$(openssl x509 -in ${OVPN_PKI}\/ca.crt)\"\nNL=$'\\n'\n\n# Configure VPN server\numask u=rw,g=,o=\ngrep -l -r -e \"TLS Web Server Auth\" \"${OVPN_PKI}\/issued\" \\\n| sed -e \"s\/^.*\\\/\/\/;s\/\\.\\w*$\/\/\" \\\n| while read -r 
OVPN_ID\ndo\nOVPN_CERT=\"$(openssl x509 -in ${OVPN_PKI}\/issued\/${OVPN_ID}.crt)\"\nOVPN_KEY=\"$(cat ${OVPN_PKI}\/private\/${OVPN_ID}.key)\"\ncat &lt;&lt; EOF > ${OVPN_DIR}\/${OVPN_ID}.conf\nverb 3\nuser nobody\ngroup nogroup\ndev ${OVPN_DEV}\nport ${OVPN_PORT}\nproto ${OVPN_PROTO}\nserver ${OVPN_POOL}\ntopology subnet\nmode server\nclient-to-client\nkeepalive 10 120\npersist-tun\npersist-key\ncomp-lzo yes\npush \"redirect-gateway def1 bypass-dhcp\"\npush \"dhcp-option DNS 8.8.8.8\"\npush \"dhcp-option DNS 8.8.4.4\"\n&lt;dh>${NL}${OVPN_DH}${NL}&lt;\/dh>\n&lt;tls-crypt>${NL}${OVPN_TC}${NL}&lt;\/tls-crypt>\n&lt;ca>${NL}${OVPN_CA}${NL}&lt;\/ca>\n&lt;cert>${NL}${OVPN_CERT}${NL}&lt;\/cert>\n&lt;key>${NL}${OVPN_KEY}${NL}&lt;\/key>\nEOF\ndone\n\n######################################################################\n#\n# OpenVPN \ud074\ub77c\uc774\uc5b8\ud2b8\uc6a9 ovpn profile \uc0dd\uc131\n#\n######################################################################\n# Fetch IP address\n. \/lib\/functions\/network.sh\nnetwork_flush_cache\nnetwork_find_wan NET_IF\nnetwork_get_ipaddr OVPN_SERV \"${NET_IF}\"\n\n# Fetch FQDN from DDNS client\nOVPN_FQDN=\"$(uci -q get \"$(uci -q show ddns \\\n| sed -n -e \"\/\\.enabled='1'$\/s\/\/.lookup_host\/p\" \\\n| sed -n -e \"1p\")\")\"\nif [ -n \"${OVPN_FQDN}\" ]\nthen\nOVPN_SERV=\"${OVPN_FQDN}\"\nfi\n\n# Configuration parameters\nOVPN_DIR=\"\/etc\/openvpn\"\nOVPN_PKI=\"\/etc\/easy-rsa\/pki\"\nOVPN_DEV=\"tun\"\nOVPN_PORT=\"1194\"\nOVPN_PROTO=\"udp\"\nOVPN_TC=\"$(sed -e \"\/^#\/d;\/^\\w\/N;s\/\\n\/\/\" ${OVPN_PKI}\/tc.pem)\"\nOVPN_CA=\"$(openssl x509 -in ${OVPN_PKI}\/ca.crt)\"\nNL=$'\\n'\n\n# Generate VPN client profiles\n# NOTE: every client ID is written to the same ${MY_DDNS}_client.ovpn path, so only the last profile remains; each profile embeds that client's private key\numask u=rw,g=,o=\ngrep -l -r -e \"TLS Web Client Auth\" \"${OVPN_PKI}\/issued\" \\\n| sed -e \"s\/^.*\\\/\/\/;s\/\\.\\w*$\/\/\" \\\n| while read -r OVPN_ID\ndo\nOVPN_CERT=\"$(openssl x509 -in ${OVPN_PKI}\/issued\/${OVPN_ID}.crt)\"\nOVPN_KEY=\"$(cat ${OVPN_PKI}\/private\/${OVPN_ID}.key)\"\ncat &lt;&lt; EOF > 
${OVPN_DIR}\/${MY_DDNS}_client.ovpn\nclient\ndev ${OVPN_DEV%%[0-9]*}\nremote ${MY_DDNS} ${OVPN_PORT} ${OVPN_PROTO}\nnobind\nresolv-retry infinite\npersist-key\npersist-tun\ntls-client\ncipher AES-256-CBC\nauth-nocache\nremote-cert-tls server\ntun-mtu 1500\ncomp-lzo yes\nverb 3\nreneg-sec 0\npull-filter ignore \"block-outside-dns\"\n&lt;tls-crypt>${NL}${OVPN_TC}${NL}&lt;\/tls-crypt>\n&lt;ca>${NL}${OVPN_CA}${NL}&lt;\/ca>\n&lt;cert>${NL}${OVPN_CERT}${NL}&lt;\/cert>\n&lt;key>${NL}${OVPN_KEY}${NL}&lt;\/key>\nEOF\ndone\n\nls ${OVPN_DIR}\/*.ovpn\n\/etc\/init.d\/openvpn enable\n\/etc\/init.d\/openvpn stop\n\/etc\/init.d\/openvpn start<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>setup_openwrt_openvpn_conf.sh<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_import_markdown_pro_load_document_selector":0,"_import_markdown_pro_submit_text_textarea":"","site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[21],"tags":[],"class_list":["post-1053","post","type-post","status-publish","format-standard","hentry","category-development_openwrt"],"_links":{"self":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1053","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1053"}],"version-history":[{"count":0,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1053\/revisions"}],"wp:attachment":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1053"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1053"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1053"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}