@maxbelyanin
Last active May 19, 2023 14:31
ZyXel OpenVPN Configuration
  1. Update packages:
  • NDMSv2 +
  • OPKG -> Open Package support
  • OPKG -> Opkg kernel filesystems modules
  • OPKG -> Opkg kernel netfilter modules
  • OPKG -> Opkg kernel trafficcontrol modules
  • Networking -> IPv6
  • USB Storage -> *
  • Applications -> FTP Server (for uploading firmware only)
  2. Create an ext2/ext3 partition on the USB stick
  3. Create an 'install' directory on this USB stick
  4. Copy to 'install' the mipsel
  5. On the ZyXel appliance page 'Application':
  • check 'Enable OPKG'
  • choose storage device
  • input initrc script: '/opt/etc/init.d/rc.unslung'
  • push 'Apply' button
  6. If everything went correctly -> 'Installation Entware-Keenetic completed'

  7. Log in to the ZyXel:

ssh -l root your.zyxel.ip.addr (password: zyxel)
  8. Change the default password
passwd
  9. Install dependencies:
opkg update
opkg upgrade
opkg install dropbear findutils iptables ldconfig libc libgcc liblzo libndm libopenssl libpthread librt libssp libstdcpp ndmq openvpn-openssl opt-ndmsv2 terminfo zlib
  10. Install OpenVPN Server
opkg install bash wget openssl-util
wget --no-check-certificate https://raw.githubusercontent.com/maxbelyanin/openvpn-install/master/openvpn-install.sh -O openvpn-install.sh && bash openvpn-install.sh
  11. Create users:
Looks like OpenVPN is already installed

What do you want to do?
   1) Add a cert for a new user
   2) Revoke existing user cert
   3) Exit
Select an option [1-3]: 1

Tell me a name for the client cert
Please, use one word only, no special characters
Client name: blablabl-client

Note: using Easy-RSA configuration from: ./vars
Generating a 1024 bit RSA private key
......++++++
.......................................++++++
writing new private key to '/opt/etc/openvpn/easy-rsa/pki/private/blablabl-client.key.XXXXjeKoMl'
-----
Using configuration from /opt/etc/openvpn/easy-rsa/openssl-1.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName            :ASN.1 12:'blablabl-client'
Certificate is to be certified until Dec 20 23:53:49 2026 GMT (3650 days)

Write out database with 1 new entries
Data Base Updated

Client blablabl-client added, certs available at ~/blablabl-client.ovpn
  12. Configure iptables for interface access if needed:
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br3 -j ACCEPT
iptables -I INPUT -i tun0 -j ACCEPT
iptables -t filter -A INPUT -i lo -j ACCEPT
  13. Start OpenVPN Server:
/opt/etc/init.d/S20openvpn start
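
An added example, not part of the original gist: the "Install OpenVPN Server" step passes --no-check-certificate to wget and runs the downloaded script as root in the same line. The sketch below keeps certificate validation on and runs the script only if it matches a SHA-256 digest taken from a copy you have reviewed. PINNED_SHA256 is a placeholder, the function names are hypothetical, and it assumes the router's wget has a CA bundle to validate against and that sha256sum and mktemp are available.

```shell
#!/bin/sh
# Added example: fetch, verify, then run, instead of "wget ... && bash script".
# PINNED_SHA256 is a placeholder: record the digest of a copy you have reviewed.
PINNED_SHA256="<sha256-of-reviewed-openvpn-install.sh>"
INSTALLER_URL="https://raw.githubusercontent.com/maxbelyanin/openvpn-install/master/openvpn-install.sh"

# Print the lowercase hex SHA-256 of a file (sha256sum prints "<hex>  <name>").
file_sha256() {
    sha256sum "$1" | cut -d' ' -f1
}

# Return 0 only if FILE is non-empty and hashes to EXPECTED.
# Return 1 on a digest mismatch, 2 on unusable input (fails closed).
verify_installer() {
    file="$1"; expected="$2"
    [ -s "$file" ] || { echo "missing or empty: $file" >&2; return 2; }
    case "$expected" in
        *[!0-9a-f]*|"") echo "expected digest is not lowercase hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "expected digest is not 64 hex chars" >&2; return 2; }
    actual=$(file_sha256 "$file") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch: got $actual" >&2
        return 1
    fi
    return 0
}

# Download with certificate validation left on, verify, then run.
fetch_and_run() {
    tmp=$(mktemp) || return 2
    # No --no-check-certificate: a TLS failure here should stop the install.
    wget "$INSTALLER_URL" -O "$tmp" || { rm -f "$tmp"; return 2; }
    if verify_installer "$tmp" "$PINNED_SHA256"; then
        bash "$tmp"; rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}
```

With the placeholder digest left in place, fetch_and_run refuses to execute anything, so the script has to be reviewed and its digest recorded before the install can proceed.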