docs/marvell/howto/vpn_configuration.txt - T108 - Gitiles

 How to configure VPN
 ========================================
 Here we provide some example of the tunneling protocol configurations usable in /etc/config/network.
 We will also provide the opkg packages that need to be installed for protocol support below.

 1, GRE
 The PACKAGE_gre must be installed to use this protocol. Additionally, you need PACKAGE_grev4 and/or PACKAGE_grev6.
 example for create a GRE tunnel:

 	# /etc/config/network
 	config interface 'vpn'
 		option proto 'gre'
 		option peeraddr 'peeraddr'

 	config interface 'gre_tunnel'
 		option ifname '@vpn'
 		option proto 'static'
 		option netmask 'netmask'
 		option ipaddr 'ipaddress'
 		#If you need to configure IPv6.
 		option ip6addr 'ipaddress'

 2, PPTP
 The following packages must be installed to use this protocol.
 	PACKAGE_kmod-nf-nathelper-extra
 	PACKAGE_kmod-gre
 	PACKAGE_kmod-pptp
 	PACKAGE_ppp
 	PACKAGE_kmod-ppp
 	PACKAGE_ppp-mod-pptp

 example for create PPTP:
 	# /etc/config/network
 	config interface 'vpn'
 		option ifname 'pptp-vpn'
 		option proto 'pptp'
 		option username 'vpnusername'
 		option password 'vpnpassword'
 		option server 'ipaddress'

 3, XL2TP:
 The following packages must be installed to use this protocol.
 	PACKAGE_ppp-multilink
 	PACKAGE_kmod-ppp
 	PACKAGE_xl2tpd

 example for create XL2TP:
 	# /etc/config/network
 	config interface 'vpn'
 		option ifname 'xl2tp-vpn'
 		option proto 'l2tp'
 		option username 'vpnusername'
 		option password 'vpnpassword'
 		option server 'ipaddress'

 4, Note that, for the above protocol, you also need to configure the rules in /etc/config/firewall.
 	# /etc/config/firewall
 	config zone
 		option name vpn
 		list   network          'vpn'
 		option input            ACCEPT
 		option output           ACCEPT
 		option forward          ACCEPT
 		option masq             1

 	config forwarding
 		option src              lan
 		option dest             vpn

 	config forwarding
 		option src              vpn
 		option dest             lan

 Additionally, the following rule should be configured for GRE tunnel.
 	config rule
 		option name             Allow-GRE
 		option src              wan
 		option proto            gre
 		option target           ACCEPT
 		option family           ipv4
	How to configure VPN
	========================================
	Here we provide some example of the tunneling protocol configurations usable in /etc/config/network.
	We will also provide the opkg packages that need to be installed for protocol support below.

	1, GRE
	The PACKAGE_gre must be installed to use this protocol. Additionally, you need PACKAGE_grev4 and/or PACKAGE_grev6.
	example for create a GRE tunnel:

	# /etc/config/network
	config interface 'vpn'
	option proto 'gre'
	option peeraddr 'peeraddr'

	config interface 'gre_tunnel'
	option ifname '@vpn'
	option proto 'static'
	option netmask 'netmask'
	option ipaddr 'ipaddress'
	#If you need to configure IPv6.
	option ip6addr 'ipaddress'

	2, PPTP
	The following packages must be installed to use this protocol.
	PACKAGE_kmod-nf-nathelper-extra
	PACKAGE_kmod-gre
	PACKAGE_kmod-pptp
	PACKAGE_ppp
	PACKAGE_kmod-ppp
	PACKAGE_ppp-mod-pptp

	example for create PPTP:
	# /etc/config/network
	config interface 'vpn'
	option ifname 'pptp-vpn'
	option proto 'pptp'
	option username 'vpnusername'
	option password 'vpnpassword'
	option server 'ipaddress'

	3, XL2TP:
	The following packages must be installed to use this protocol.
	PACKAGE_ppp-multilink
	PACKAGE_kmod-ppp
	PACKAGE_xl2tpd

	example for create XL2TP:
	# /etc/config/network
	config interface 'vpn'
	option ifname 'xl2tp-vpn'
	option proto 'l2tp'
	option username 'vpnusername'
	option password 'vpnpassword'
	option server 'ipaddress'

	4, Note that, for the above protocol, you also need to configure the rules in /etc/config/firewall.
	# /etc/config/firewall
	config zone
	option name vpn
	list network 'vpn'
	option input ACCEPT
	option output ACCEPT
	option forward ACCEPT
	option masq 1

	config forwarding
	option src lan
	option dest vpn

	config forwarding
	option src vpn
	option dest lan

	Additionally, the following rule should be configured for GRE tunnel.
	config rule
	option name Allow-GRE
	option src wan
	option proto gre
	option target ACCEPT
	option family ipv4