
OpenWRT PIA client config

a guest
May 16th, 2015
  1. ##OpenWRT Private Internet Access VPN Client configuration##
  2. ##Adapted from Logan Marchione https://www.loganmarchione.com/2015/02/openwrt-with-openvpn-client-on-tp-link-tl-mr3020-3/#Configure_OpenWrt ##
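  3. ##Note: These configs break access to the device over LAN, and allow for VPN + setting modifications over WAN (Wifi) only. The 'wan' firewall zone below uses input 'ACCEPT', so the router's own management services are reachable by every host on the upstream network; on a network you do not control, set that zone's input to 'REJECT' and add a rule that allows only the management access you need.##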
  4. ##5/16/2015##
  5.  
  6. root@OpenWrt:~# cat /etc/config/network
  7. config interface 'loopback'
  8. option ifname 'lo'
  9. option proto 'static'
  10. option ipaddr '127.0.0.1'
  11. option netmask '255.0.0.0'
  12.  
  13. config globals 'globals'
  14. option ula_prefix 'fd1f:8e7f:5520::/48'
  15.  
  16. config interface 'lan'
  17. option force_link '1'
  18. option proto 'static'
  19. option netmask '255.255.255.0'
  20. option ip6assign '60'
  21. option ipaddr '192.168.255.2' ###put whatever subnet IP you want here; just remember to use this IP when connecting over wifi to your openwrt router, and make it something not already in use on your subnet!##
  22.  
  23. config interface 'WAN'
  24. option proto 'dhcp'
  25. option ifname 'eth0' ##give the wifi hotspot dhcp of its own##
  26.  
  27. config interface 'PIA_VPN' ##this is the magic needed to reference the tunnel in the firewall##
  28. option proto 'none'
  29. option ifname 'tun0'
  30.  
  31.  
  32. root@OpenWrt:~# cat /etc/config/firewall
  33. config defaults
  34. option syn_flood '1'
  35. option input 'ACCEPT'
  36. option output 'ACCEPT'
  37. option forward 'REJECT'
  38.  
  39. config zone
  40. option name 'lan'
  41. list network 'lan'
  42. option input 'ACCEPT'
  43. option output 'ACCEPT'
  44. option forward 'ACCEPT'
  45.  
  46. config zone
  47. option name 'wan'
  48. option input 'ACCEPT'
  49. option output 'ACCEPT'
  50. option forward 'REJECT'
  51. option masq '1'
  52. option mtu_fix '1'
  53. option network 'WAN' ##define your wifi as WAN##
  54.  
  55. config forwarding
  56. option src 'lan'
  57. option dest 'wan' ##connect LAN to WAN: traffic from the 'lan' zone may be forwarded out the 'wan' zone##
  58.  
  59. ######BEGIN OPTIONAL GOOD DEFAULTS########
  60. config rule
  61. option name 'Allow-DHCP-Renew'
  62. option src 'wan'
  63. option proto 'udp'
  64. option dest_port '68'
  65. option target 'ACCEPT'
  66. option family 'ipv4'
  67.  
  68. config rule
  69. option name 'Allow-Ping'
  70. option src 'wan'
  71. option proto 'icmp'
  72. option icmp_type 'echo-request'
  73. option family 'ipv4'
  74. option target 'ACCEPT'
  75.  
  76. config rule
  77. option name 'Allow-DHCPv6'
  78. option src 'wan'
  79. option proto 'udp'
  80. option src_ip 'fe80::/10'
  81. option src_port '547'
  82. option dest_ip 'fe80::/10'
  83. option dest_port '546'
  84. option family 'ipv6'
  85. option target 'ACCEPT'
  86.  
  87. config rule
  88. option name 'Allow-ICMPv6-Input'
  89. option src 'wan'
  90. option proto 'icmp'
  91. list icmp_type 'echo-request'
  92. list icmp_type 'echo-reply'
  93. list icmp_type 'destination-unreachable'
  94. list icmp_type 'packet-too-big'
  95. list icmp_type 'time-exceeded'
  96. list icmp_type 'bad-header'
  97. list icmp_type 'unknown-header-type'
  98. list icmp_type 'router-solicitation'
  99. list icmp_type 'neighbour-solicitation'
  100. list icmp_type 'router-advertisement'
  101. list icmp_type 'neighbour-advertisement'
  102. option limit '1000/sec'
  103. option family 'ipv6'
  104. option target 'ACCEPT'
  105.  
  106. config rule
  107. option name 'Allow-ICMPv6-Forward'
  108. option src 'wan'
  109. option dest '*'
  110. option proto 'icmp'
  111. list icmp_type 'echo-request'
  112. list icmp_type 'echo-reply'
  113. list icmp_type 'destination-unreachable'
  114. list icmp_type 'packet-too-big'
  115. list icmp_type 'time-exceeded'
  116. list icmp_type 'bad-header'
  117. list icmp_type 'unknown-header-type'
  118. option limit '1000/sec'
  119. option family 'ipv6'
  120. option target 'ACCEPT'
  121.  
  122. config include
  123. option path '/etc/firewall.user'
  124. ################################
  125.  
  126. config zone
  127. option name 'VPN_FW'
  128. option input 'REJECT'
  129. option output 'ACCEPT'
  130. option forward 'REJECT'
  131. option masq '1'
  132. option mtu_fix '1'
  133. option network 'PIA_VPN' ##sets up a reference to tun0 to be masq##
  134.  
  135. config forwarding
  136. option dest 'VPN_FW'
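  137. option src 'lan' ##this line does the actual forwarding magic: it sends the LAN to the VPN. Keep in mind our WAN is listening to our LAN, so the path is WAN>LAN>VPN. The earlier lan>wan forwarding is still in place, so if tun0 goes down, LAN traffic can leave through WAN outside the tunnel; remove that forwarding if traffic should stop when the VPN drops.##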