OpenWRT install and connect Fortinet VPN

opkg install openfortivpn luci-proto-openfortivpn

reboot

in Luci

add interface

proto using openfortivpn

fill username, password, ip address, port

in advanced, fill “VPN Server’s certificate SHA1 hash” if your fortiSSL cert not trusted by your device.

Save and apply

restart the interface will connected and get a ip from vpn.

Let openwrt’s client can access fortiSSL

# iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o vpn-company -j MASQUERADE

add static route then done

留言

張貼留言

這個網誌中的熱門文章

OpenVPN Server build on Debian 11

Quote from : https://www.server-world.info/en/note?os=Debian_11&p=openvpn&f=1 [1] Install OpenVPN. root@dlp:~#  apt  -y install openvpn easy-rsa iptables [2] Create CA and Certificates. root@dlp:~#  cd  /usr/share/easy-rsa# initialize root@dlp:/usr/share/easy-rsa# ./easyrsa init-pki init-pki complete; you may now create a CA or requests. Your newly created PKI dir is: /usr/share/easy-rsa/pki # create CA root@dlp:/usr/share/easy-rsa# ./easyrsa build-ca Using SSL: openssl OpenSSL 1.1.1k 25 Mar 2021 # set any pass-phrase Enter New CA Key Passphrase: Re-Enter New CA Key Passphrase: Generating RSA private key, 2048 bit long modulus (2 primes) …….+++++ …………………..+++++ e is 65537 (0x010001) You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you ...
閱讀完整內容

OpenWRT dumb AP with WPA3-SAE + 802.11r

圖片
OpenWRT veriosn: 23.05.2 HW: TOTOLINK X5000R Ref: https://vicfree.com/2022/11/openwrt-wpa3-802.11kvr-ap-setup/ Requirement: #install fully wpad package with openssl opkg update opkg install wpad-openssl #disabled firewall, dhcp server and dnsmasq for i in firewall dnsmasq odhcpd; do if /etc/init.d/"$i" enabled; then /etc/init.d/"$i" disable /etc/init.d/"$i" stop fi done Luci setting: /etc/config/wireless: config wifi-iface 'wifinet1' option device 'radio1' option mode 'ap' option ssid 'MY_SSID' option encryption 'sae' option key 'MY_PASSWORD' option ieee80211r '1' option reassociation_deadline '20000' option ft_over_ds '0' option ft_psk_generate_local '0' option ieee80211k '1' option time_zone 'CST-8' ...
閱讀完整內容