- Update packages:
- NDMSv2 +
- OPKG -> Open Package support
- OPKG -> Opkg kernel filesystems modules
- OPKG -> Opkg kernel netfilter modules
- OPKG -> Opkg kernel trafficcontrol modules
- Networking -> IPv6
- USB Storage -> *
- Applications -> FTP Server (for upload firmware only)
- Make ext2/ext3 partition on USB-stick
- Create 'install' dir at this USB-stick
- Copy to 'install' the mipsel
- At the ZyXel appliance page 'Application':
- check 'Enable OPKG'
- choose storage device
- input initrc script: '/opt/etc/init.d/rc.unslung'
- push 'Apply' button
-
If all has been right -> 'Installation Entware-Keenetic completed'
-
login to zyxel:
ssh -l root your.zyxel.ip.addr (password: zyxel)
- Change the default password
passwd
- Install dependencies:
opkg update
opkg upgrade
opkg install dropbear findutils iptables ldconfig libc libgcc liblzo libndm libopenssl libpthread librt libssp libstdcpp ndmq openvpn-openssl opt-ndmsv2 terminfo zlib
- Install OpenVPN Server
opkg install bash wget openssl-util
wget --no-check-certificate https://raw.githubusercontent.com/maxbelyanin/openvpn-install/master/openvpn-install.sh -O openvpn-install.sh && bash openvpn-install.sh
- Create Users:
Looks like OpenVPN is already installed
What do you want to do?
1) Add a cert for a new user
2) Revoke existing user cert
3) Exit
Select an option [1-3]: 1
Tell me a name for the client cert
Please, use one word only, no special characters
Client name: blablabl-client
Note: using Easy-RSA configuration from: ./vars
Generating a 1024 bit RSA private key
......++++++
.......................................++++++
writing new private key to '/opt/etc/openvpn/easy-rsa/pki/private/blablabl-client.key.XXXXjeKoMl'
-----
Using configuration from /opt/etc/openvpn/easy-rsa/openssl-1.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'blablabl-client'
Certificate is to be certified until Dec 20 23:53:49 2026 GMT (3650 days)
Write out database with 1 new entries
Data Base Updated
Client blablabl-client added, certs available at ~/blablabl-client.ovpn
- Configure iptables for intarface access if need:
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br3 -j ACCEPT
iptables -I INPUT -i tun0 -j ACCEPT
iptables -t filter -A INPUT -i lo -j ACCEPT
- Start OpenVPN Server:
/opt/etc/init.d/S20openvpn start