I have a working openvpn tunnel up and running with the linksys as the client (recompiled from 2.04.4 - added lzo and removed httpd from the make rules to ensure that the incomplete source package did not try to rebuild httpd)
BTW: lzo compression both works and makes a pretty big difference in my case where I have 192Kbps links on either side...
Anyway... So, I am able to tell the linksys to be a client and connect to a PC server running openvpn in TLS mode... Everything at that level works fine.
Now, I want to make the VPN'd network accessible to any client connecting to the linksys which requires iptables additions...
A few questions:
1. For anyone making changes at this level, where are you putting those changes (iptables settings)? - I'd like to have them survive a reboot, it is not obvious to me where I would stick arbitrary iptables commands that would persist...
2. Any hints/tips on how to make openvpn run as if it were in /etc/inittab? Once it dies, I have to telnet in to restart it - need it to restart itself, as I will not have telnet access once everything is in place...
3. Any tips on the iptables setup I describe (having the linksys connect as a client and then provision access to the VPN to any client connecting to the LAN side) - my iptables-speak is rusty as the last time I played with it, it was called ipfwadm....
Thanks,
/mike

forward local to vpn
Little reading - found the right incantation for iptables to masquerade the local traffic intended for the vpn tunnel:
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
Now, I still need to know how to "save" that setting along with the other rules that linksys/broadcom are storing...
/mike
iptables configuration
There is currently no support to store custom iptables rules in NVRAM (so you will either have to "hardcode" the rule in rc/firewall.c or add support for NVRAM stored custom iptables rules).
Other Linksys-derived firmwares might already have implemented this feature, so you could probably borrow some code...
Saving iptables settings
Well, it occurred to me that I don't really want to save those, but rather enable and disable them with openvpn... So, I put them in "up" and "down" scripts...
I did notice that the reason I was having to start openvpn manually was that the "start_openvpn" routine in services.c crashes for some reason...
I edited it to remove all the stuff I don't use (it just says "_eval("openvpn","--config","/etc/openvpn.conf",0,NULL,&pid)" now)...
So, something in those other checks explodes and breaks a number of things... Have not gone back to figure all that out yet since everything is now working for me....
Thanks for the help, sorry to flood the forum, but talking mostly to myself was apparently quite helpful :-)
/mike
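
The "up"/"down" script approach from the last post, as an added example that is not part of the original thread: one script that adds the MASQUERADE rule quoted above when the tunnel comes up and removes it when the tunnel goes down, without piling up duplicate rules across tunnel restarts. The script path and the function names are assumptions; the iptables rule itself is the one posted above.

```shell
#!/bin/sh
# Added example: one script used for both OpenVPN "up" and "down" hooks.
# Assumed config lines (the script path is hypothetical):
#   up   "/etc/openvpn-nat.sh up"
#   down "/etc/openvpn-nat.sh down"
# OpenVPN appends the tunnel device name as the next argument.

IPTABLES=${IPTABLES:-iptables}   # overridable so the logic can be tested

# Accept only tunN/tapN so nothing unexpected reaches iptables.
valid_dev() {
    case "$1" in
        tun[0-9]|tun[0-9][0-9]|tap[0-9]|tap[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Remove every copy of the rule; -D deletes one match per call.
nat_down() {
    valid_dev "$1" || return 1
    while $IPTABLES -t nat -D POSTROUTING -o "$1" -j MASQUERADE 2>/dev/null; do
        :
    done
    return 0
}

# Delete-then-append keeps exactly one rule even if "up" runs again
# after a tunnel restart without a matching "down".
nat_up() {
    valid_dev "$1" || return 1
    nat_down "$1"
    $IPTABLES -t nat -A POSTROUTING -o "$1" -j MASQUERADE
}

case "${1:-}" in
    up)   nat_up   "${2:-}" ;;
    down) nat_down "${2:-}" ;;
esac
```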