blob: 1a849a6bed11cff0b132daa1d27d43945f93e78f [file] [log] [blame]
b.liue9582032025-04-17 19:18:16 +08001How to configure VPN
2========================================
3Here we provide some example of the tunneling protocol configurations usable in /etc/config/network.
4We will also provide the opkg packages that need to be installed for protocol support below.
5
61, GRE
7The PACKAGE_gre must be installed to use this protocol. Additionally, you need PACKAGE_grev4 and/or PACKAGE_grev6.
8example for create a GRE tunnel:
9
10 # /etc/config/network
11 config interface 'vpn'
12 option proto 'gre'
13 option peeraddr 'peeraddr'
14
15 config interface 'gre_tunnel'
16 option ifname '@vpn'
17 option proto 'static'
18 option netmask 'netmask'
19 option ipaddr 'ipaddress'
20 #If you need to configure IPv6.
21 option ip6addr 'ipaddress'
22
232, PPTP
24The following packages must be installed to use this protocol.
25 PACKAGE_kmod-nf-nathelper-extra
26 PACKAGE_kmod-gre
27 PACKAGE_kmod-pptp
28 PACKAGE_ppp
29 PACKAGE_kmod-ppp
30 PACKAGE_ppp-mod-pptp
31
32example for create PPTP:
33 # /etc/config/network
34 config interface 'vpn'
35 option ifname 'pptp-vpn'
36 option proto 'pptp'
37 option username 'vpnusername'
38 option password 'vpnpassword'
39 option server 'ipaddress'
40
413, XL2TP:
42The following packages must be installed to use this protocol.
43 PACKAGE_ppp-multilink
44 PACKAGE_kmod-ppp
45 PACKAGE_xl2tpd
46
47example for create XL2TP:
48 # /etc/config/network
49 config interface 'vpn'
50 option ifname 'xl2tp-vpn'
51 option proto 'l2tp'
52 option username 'vpnusername'
53 option password 'vpnpassword'
54 option server 'ipaddress'
55
564, Note that, for the above protocol, you also need to configure the rules in /etc/config/firewall.
57 # /etc/config/firewall
58 config zone
59 option name vpn
60 list network 'vpn'
61 option input ACCEPT
62 option output ACCEPT
63 option forward ACCEPT
64 option masq 1
65
66 config forwarding
67 option src lan
68 option dest vpn
69
70 config forwarding
71 option src vpn
72 option dest lan
73
74Additionally, the following rule should be configured for GRE tunnel.
75 config rule
76 option name Allow-GRE
77 option src wan
78 option proto gre
79 option target ACCEPT
80 option family ipv4
81
82