{"id":398,"date":"2011-10-21T00:26:43","date_gmt":"2011-10-21T00:26:43","guid":{"rendered":"https:\/\/altrix.cz\/?p=398"},"modified":"2011-10-21T00:26:43","modified_gmt":"2011-10-21T00:26:43","slug":"tomato-toastman-openvpn-nastaveni","status":"publish","type":"post","link":"https:\/\/altrix.cz\/?p=398","title":{"rendered":"Tomato (Toastman) OpenVPN setup"},"content":{"rendered":"<p>I recently bought an Asus RT-N16 router, and after first powering it on I found that the default firmware can do almost nothing useful. So the first thing I did was upgrade the router to DD-WRT. That firmware isn't bad, but later I discovered the Tomato firmware, or more precisely its modification, <a title=\"Toastman\" href=\"http:\/\/www.4shared.com\/dir\/v1BuINP3\/Toastman_Builds.html\">Toastman firmware<\/a>, in the version <em>tomato-K26USB-NVRAM60K-x.xx.xxxx.xMIPSR2-Toastman- RT-VPN.trx<\/em>. Out of the box this firmware supports, among other things, MediaServer, FTP, Samba (Windows Sharing), VPN &#8230; In this article I describe how to set up the OpenVPN server in this firmware.<!--more--><\/p>\n<ul>\n<li>Firmware installation &#8211; installation consists of uploading the downloaded firmware to the router; this procedure is already described in many articles<\/li>\n<\/ul>\n<ul>\n<li>Selecting the menu item &#8211; see the 
screenshot, and the first tab &#8220;Basic&#8221;<\/li>\n<\/ul>\n<p><a href=\"https:\/\/altrix.cz\/wp-content\/uploads\/2011\/10\/tostman_page-1-1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-401 aligncenter\" title=\"Tostman page\" src=\"https:\/\/altrix.cz\/wp-content\/uploads\/2011\/10\/tostman_page-1-300x172.png\" alt=\"Tostman menu\" width=\"300\" height=\"172\" srcset=\"https:\/\/altrix.cz\/wp-content\/uploads\/2011\/10\/tostman_page-1-300x172.png 300w, https:\/\/altrix.cz\/wp-content\/uploads\/2011\/10\/tostman_page-1-768x441.png 768w, https:\/\/altrix.cz\/wp-content\/uploads\/2011\/10\/tostman_page-1.png 882w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a>Here it is a good idea to enable &#8220;Start with WAN&#8221;. This ensures that the VPN server starts every time the WAN is connected (in most cases, the Internet connection)<\/p>\n<ul>\n<li>Next, set &#8220;Interface Type&#8221; to the type you have chosen<\/li>\n<ul>\n<li>TAP &#8211; a device connected over the VPN joins the IP range of your network<\/li>\n<li>TUN &#8211; the device joins its own subnet of IP addresses (suitable if you use the same IP ranges on both ends of the tunnel)<\/li>\n<\/ul>\n<li>I recommend leaving &#8220;Protocol&#8221; on UDP (faster connection)<\/li>\n<li>&#8220;Port&#8221; is again best left at the default value of 1194 for the TAP interface<\/li>\n<li>&#8220;Firewall&#8221; to &#8220;Automatic&#8221;<\/li>\n<li>&#8220;Authorization Mode&#8221; to TLS<\/li>\n<li>Set &#8220;Extra HMAC authorization (tls-auth)&#8221; according to your preferences<\/li>\n<li>&#8220;Client address pool&#8221; lets you set the range of assigned IP addresses; if the box is 
checked, the DHCP pool of the target network is used, including the same rules (static IP, access restrictions&#8230;)<\/li>\n<li>I recommend the next tab, &#8220;Advanced&#8221;, only for advanced users<\/li>\n<li>The &#8220;Keys&#8221; tab is the most interesting one for us<\/li>\n<ul>\n<li>Generate the keys, for example, by following this <a title=\"OpenVPN HowTo\" href=\"http:\/\/openvpn.net\/index.php\/open-source\/documentation\/howto.html#pki\">guide<\/a><\/li>\n<li>After generating the keys, paste the complete contents of the listed files here, as shown in the screenshot<\/li>\n<\/ul>\n<\/ul>\n<p style=\"text-align: center;\"><a href=\"https:\/\/altrix.cz\/wp-content\/uploads\/2011\/10\/tostman_keys-1-1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-405 aligncenter\" title=\"Tostman Keys\" src=\"https:\/\/altrix.cz\/wp-content\/uploads\/2011\/10\/tostman_keys-1-300x168.png\" alt=\"Toastman keys\" width=\"300\" height=\"168\" \/><\/a><\/p>\n<ul>\n<li>Confirm everything with the &#8220;Save&#8221; button; once saved, the server can be started with the &#8220;Start Now&#8221; button<\/li>\n<li>If you managed to set everything up correctly, the &#8220;Status&#8221; tab shows the state of the server. If something failed, it will instead report that the server status cannot be determined.<\/li>\n<li>And that's it; the clients can again be configured by following the guide linked above.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>As a client application for Windows I recommend <a title=\"OpenVPN Portable\" href=\"https:\/\/sourceforge.net\/projects\/ovpnp\/\">OpenVPN Portable<\/a>. 
Download the file, install it and run it as administrator (the TAP driver gets installed, and its installation then has to be approved).<\/p>\n<p>After installation, copy the files &#8220;ca.crt&#8221;, &#8220;clientX.crt&#8221; (where X is the client number), &#8220;client.key&#8221; (the files we generated earlier) and &#8220;client.ovpn&#8221; (again created according to the earlier guide) into path\/OpenVPNPortable\/data\/config (path is the path to the application). You can then use connect to connect to your VPN server.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I recently bought an Asus RT-N16 router, and after first powering it on I found that the default firmware can do almost nothing useful. So the first thing I did was upgrade the router to DD-WRT. That firmware isn't bad, but later I discovered the Tomato firmware, or more precisely its modification, Toastman firmware, in the version tomato-K26USB-NVRAM60K-x.xx.xxxx.xMIPSR2-Toastman- RT-VPN.trx. 
Out of the box this firmware, among other things, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[36,38,53,54,56,57,60],"class_list":["post-398","post","type-post","status-publish","format-standard","hentry","category-navody","tag-open-vpn","tag-openvpn","tag-toastman","tag-toastman-vpn","tag-tomato","tag-tomato-vpn","tag-vpn"],"_links":{"self":[{"href":"https:\/\/altrix.cz\/index.php?rest_route=\/wp\/v2\/posts\/398","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/altrix.cz\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/altrix.cz\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/altrix.cz\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/altrix.cz\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=398"}],"version-history":[{"count":0,"href":"https:\/\/altrix.cz\/index.php?rest_route=\/wp\/v2\/posts\/398\/revisions"}],"wp:attachment":[{"href":"https:\/\/altrix.cz\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=398"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/altrix.cz\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=398"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/altrix.cz\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=398"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}