b.liu | e958203 | 2025-04-17 19:18:16 +0800 | [diff] [blame] | 1 | How to configure VPN |
| 2 | ======================================== |
| 3 | Here we provide some example of the tunneling protocol configurations usable in /etc/config/network. |
| 4 | We will also provide the opkg packages that need to be installed for protocol support below. |
| 5 | |
| 6 | 1, GRE |
| 7 | The PACKAGE_gre must be installed to use this protocol. Additionally, you need PACKAGE_grev4 and/or PACKAGE_grev6. |
| 8 | example for create a GRE tunnel: |
| 9 | |
| 10 | # /etc/config/network |
| 11 | config interface 'vpn' |
| 12 | option proto 'gre' |
| 13 | option peeraddr 'peeraddr' |
| 14 | |
| 15 | config interface 'gre_tunnel' |
| 16 | option ifname '@vpn' |
| 17 | option proto 'static' |
| 18 | option netmask 'netmask' |
| 19 | option ipaddr 'ipaddress' |
| 20 | #If you need to configure IPv6. |
| 21 | option ip6addr 'ipaddress' |
| 22 | |
| 23 | 2, PPTP |
| 24 | The following packages must be installed to use this protocol. |
| 25 | PACKAGE_kmod-nf-nathelper-extra |
| 26 | PACKAGE_kmod-gre |
| 27 | PACKAGE_kmod-pptp |
| 28 | PACKAGE_ppp |
| 29 | PACKAGE_kmod-ppp |
| 30 | PACKAGE_ppp-mod-pptp |
| 31 | |
| 32 | example for create PPTP: |
| 33 | # /etc/config/network |
| 34 | config interface 'vpn' |
| 35 | option ifname 'pptp-vpn' |
| 36 | option proto 'pptp' |
| 37 | option username 'vpnusername' |
| 38 | option password 'vpnpassword' |
| 39 | option server 'ipaddress' |
| 40 | |
| 41 | 3, XL2TP: |
| 42 | The following packages must be installed to use this protocol. |
| 43 | PACKAGE_ppp-multilink |
| 44 | PACKAGE_kmod-ppp |
| 45 | PACKAGE_xl2tpd |
| 46 | |
| 47 | example for create XL2TP: |
| 48 | # /etc/config/network |
| 49 | config interface 'vpn' |
| 50 | option ifname 'xl2tp-vpn' |
| 51 | option proto 'l2tp' |
| 52 | option username 'vpnusername' |
| 53 | option password 'vpnpassword' |
| 54 | option server 'ipaddress' |
| 55 | |
| 56 | 4, Note that, for the above protocol, you also need to configure the rules in /etc/config/firewall. |
| 57 | # /etc/config/firewall |
| 58 | config zone |
| 59 | option name vpn |
| 60 | list network 'vpn' |
| 61 | option input ACCEPT |
| 62 | option output ACCEPT |
| 63 | option forward ACCEPT |
| 64 | option masq 1 |
| 65 | |
| 66 | config forwarding |
| 67 | option src lan |
| 68 | option dest vpn |
| 69 | |
| 70 | config forwarding |
| 71 | option src vpn |
| 72 | option dest lan |
| 73 | |
| 74 | Additionally, the following rule should be configured for GRE tunnel. |
| 75 | config rule |
| 76 | option name Allow-GRE |
| 77 | option src wan |
| 78 | option proto gre |
| 79 | option target ACCEPT |
| 80 | option family ipv4 |
| 81 | |
| 82 | |