Wireless security (part one)
Protecting unencrypted wireless with a VPN.
In this case we will use a Linksys WRT54GS with the Tomato VPN firmware (http://www.linksysinfo.org/forums/showthread.php?t=53233).
Wireless network: 192.168.10.*
Internal network: 192.168.1.*
Enable JFFS.
Disable DHCP.
Enter the following:
In the Firewall script:
iptables -I INPUT -i eth1 -p udp --dport 1194 -j ACCEPT
In the WAN Up script:
insmod tun.o
brctl delif br0 eth1
ifconfig eth1 192.168.10.1 netmask 255.255.255.0
killall nas
nas -P /var/run/nas.pid -l eth1 -H 34954 -i eth1 -A -m 128 -k yourwpa2key -s youraccespointname -w 4 -g 3600 &
openvpn --mktun --dev tap0
brctl addif br0 tap0
ifconfig tap0 0.0.0.0 promisc up
ln -s /usr/sbin/openvpn /tmp/myvpn
/tmp/myvpn --config /jffs/openvpn.conf
In /jffs/openvpn.conf:
cd /jffs
port 1194
proto udp
dev tap0
tls-server
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server-bridge 192.168.1.1 255.255.255.0 192.168.1.100 192.168.1.200
client-config-dir /jffs/bridge-clients
ccd-exclusive
push "redirect-gateway def1"
push "route-delay 2"
push "dhcp-option DNS 192.168.1.1"
push "comp-lzo yes"
client-to-client
keepalive 15 30
comp-lzo yes
comp-noadapt
max-clients 10
user nobody
group nobody
persist-key
persist-tun
fast-io
txqueuelen 10000
rcvbuf 131072
sndbuf 131072
verb 3
daemon
Copy ca.crt, server.crt, server.key and dh1024.pem to /jffs.
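The configuration above depends on four key files being present in /jffs, and ccd-exclusive makes the server reject any client that has no file in client-config-dir. The following preflight check is an added example, not part of the original article; the function names (directive, fail, resolve, check_vpn_conf, demo) and the constructed sample directory are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original article; function names are assumptions.
# Preflight check for the openvpn.conf above: prints one line per problem and
# returns the number of problems (0 = ready to start the tunnel).
directive() { awk -v o="$2" '$1 == o { print $2; exit }' "$1"; }
fail() { echo "$1"; problems=$((problems + 1)); }
resolve() { case $1 in /*) echo "$1" ;; *) echo "$base/$1" ;; esac; }

check_vpn_conf() {
    conf=$1; problems=0
    # "cd" in the config is the directory that relative paths resolve against
    base=$(directive "$conf" cd)
    [ -n "$base" ] || base=$(dirname "$conf")
    # ca, cert, key and dh must all be in place (the copy step in the article)
    for opt in ca cert key dh; do
        f=$(directive "$conf" "$opt")
        if [ -z "$f" ]; then fail "no $opt directive"
        elif [ ! -f "$(resolve "$f")" ]; then fail "$opt file not found: $f"; fi
    done
    # The private key should be accessible by its owner only
    key=$(directive "$conf" key)
    if [ -n "$key" ] && [ -f "$(resolve "$key")" ]; then
        perms=$(ls -ld "$(resolve "$key")" | cut -c5-10)
        [ "$perms" = "------" ] || fail "key accessible by group/other: $key"
    fi
    # ccd-exclusive rejects any client without a file named after its
    # certificate common name inside client-config-dir
    if grep -q '^ccd-exclusive' "$conf"; then
        ccd=$(directive "$conf" client-config-dir)
        if [ -z "$ccd" ] || [ ! -d "$(resolve "$ccd")" ]; then
            fail "ccd-exclusive set but client-config-dir is missing"
        elif [ -z "$(ls -A "$(resolve "$ccd")")" ]; then
            fail "client-config-dir is empty: every client will be rejected"
        fi
    fi
    return "$problems"
}

# Constructed sample: the article's directives with no key material beside them
demo() {
    d=$(mktemp -d)
    printf '%s\n' "cd $d" 'ca ca.crt' 'cert server.crt' 'key server.key' \
        'dh dh1024.pem' 'client-config-dir bridge-clients' 'ccd-exclusive' \
        > "$d/openvpn.conf"
    check_vpn_conf "$d/openvpn.conf"; rc=$?
    rm -rf "$d"; return "$rc"
}
demo || echo "problems found: $?"
```

On the router, check_vpn_conf /jffs/openvpn.conf can be run from a shell after the copy step and before the tunnel is started.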
The client configuration follows in the next article.