OpenVPN
Going forward, you will need to install the Amahi OpenVPN application.
You need to forward one port (1194/UDP) to your HDA's IP to enable your OpenVPN service from outside your network.
You will also need client software.
Once connected from outside your network, your computer becomes virtually a computer in your home network. All your files and services are as easily accessible as when you are at home.
NEW! You can now use your amahi.org control panel to test your VPN remotely!
Overview
There are two requirements for Remote Access to work:
- On the client side, you need to be running a client
- We provide one for Windows, pre-configured for Amahi
- We recommend one for the Mac, which requires some manual configuration
- The client for Linux comes with most distros and uses the same settings as the Mac
- Your router needs to forward UDP port 1194 to the IP address of your HDA. The way to do this is through port forwarding, which varies from router to router. Make sure you forward UDP (not TCP)
OpenVPN Clients
Check the page for OpenVPN clients.
Port Forwarding References
- Massive database of port forwarding information by router.
- YouTube Video on Port Forwarding for Linksys Routers.
Bridging VPN and eth0
If you'd like your VPN clients to get IP addresses in the same subnet as your HDA, and not in the 10.8.0.0/24 subnet (default), read this page: VPN Bridging.
IP Forwarding (Ubuntu)
Something that is often asked on the forums is how to have access to your remote LAN's resources while connected to your HDA. One way to accomplish this is through bridging VPN and eth0 on your HDA. This process may not be necessary for some users and a script has been developed by user olson of the forum to accomplish this task. Not only with this script allow for a user to browse to their remote LAN's resources, the user will also be able to browse the internet while connected to their VPN. Below is the script and instructions for how to run it. Please keep in mind that this is for Ubuntu based HDA's ONLY.
#!/bin/bash log_file="/tmp/openvpn_extra.log" function log() { echo -e "$(date +%b\ %d\ %H:%M:%S) $(hostname -s) openvpn_extra: $@" >> $log_file echo -e "$(date +%b\ %d\ %H:%M:%S) $(hostname -s) openvpn_extra: $@" } # Enable it right now if ! echo 1 > /proc/sys/net/ipv4/ip_forward; then log "FATAL: could not enable ip_forward for immediate use" exit 1 fi if ! iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE; then log "FATAL: could not set iptables for immediate use" exit 1 fi #set it up so it does it at startup if ! sed -i 's/#net.ipv4.ip_forward=.*\+/net.ipv4.ip_forward=1/' /etc/sysctl.conf; then log "FATAL: could not set ip_forward permanantly" exit 1 fi if ! sh -c "iptables-save > /etc/iptables.rules"; then log "FATAL: could not set iptables permanantly" exit 1 fi sudo cat > /etc/network/if-pre-up.d/iptablesload <<EOF #!/bin/sh iptables-restore < /etc/iptables.rules exit 0 EOF sudo cat > /etc/network/if-post-down.d/iptablessave <<EOF #!/bin/sh iptables-save -c > /etc/iptables.rules if [ -f /etc/iptables.downrules ]; then iptables-restore < /etc/iptables.downrules fi exit 0 EOF if ! chmod +x /etc/network/if-post-down.d/iptablessave; then log "FATAL: Could not chmod the iptablessave script" exit 1 fi if ! chmod +x /etc/network/if-pre-up.d/iptablesload; then log "FATAL: Could not chmod the iptablesload script" exit 1 fi echo "Done" exit 0
You can then run the script with the following command from the CLI:
sudo bash openvpn_extra.sh
Troubleshooting
Check out the OpenVPN troubleshooting page for troubleshooting tips.
Implementation
The VPN solution is implemented through the very popular OpenVPN software VPN.
Custom Certs
To see how one can create custom certificates for us in Amahi's OpenVPN, see the details in the OpenVPN custom certificates page.