jonathan.is

Success! Unrestricted, encrypted internet access from my laptop to a Linksys WRT54G running OpenWrt. The OpenSSH documentation and IRC channel bot were especially helpful; follow them for generating the keys, and use a configuration like the one below if you want all your internet traffic routed through a tunnel. I would not copy the firewall.user directly, since it is overly open. Since I have almost no clue how iptables works, any help on simplifying it would be appreciated.

client.conf:

# "client" is shorthand for "tls-client" plus "pull"
client
dev tun
proto udp
# redundant with "client", harmless to keep
pull

remote fayth.ath.cx 1194
nobind

ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/fayth.crt
key /etc/openvpn/keys/fayth.key
# "dh" is only used by the server and does not belong in a client config

# Without this, any client certificate signed by the same CA can impersonate
# the server. Requires a server certificate carrying nsCertType=server
# (easy-rsa's build-key-server sets it). On 2.1 and later "remote-cert-tls
# server" is the preferred equivalent.
ns-cert-type server

# compression must match the server setting
comp-lzo
verb 3

server.conf:

### connection
port 1194
proto udp
dev tun
# Lets VPN clients reach each other. OpenVPN switches this traffic internally,
# so it never passes through the kernel FORWARD chain and iptables cannot
# filter it; drop the directive if clients should not see one another.
client-to-client

### security
# Drop root after startup. The group must exist in the router's /etc/group
# (OpenWrt names it "nogroup" rather than "nobody"; check before copying).
user nobody
group nobody
# Needed together with user/group: after dropping privileges OpenVPN can no
# longer re-read the key or re-open the tun device on a restart.
persist-key
persist-tun

### keys
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh2048.pem

### routing
server 10.8.0.0 255.255.255.0
# def1 adds 0.0.0.0/1 and 128.0.0.0/1 routes through the tunnel instead of
# replacing the client's default route, so the client keeps its route to this
# server and its original gateway; without def1 the redirect is fragile.
push "redirect-gateway def1"
# Only useful if something on the router answers DNS on 10.8.0.1 (dnsmasq must
# be configured to listen on the tun interface). Windows clients apply this
# option directly; Linux clients only see it via an up script.
push "dhcp-option DNS 10.8.0.1"

### tuning
# Must match the client. Compressing traffic before encryption is no longer
# recommended (compression oracle attacks such as VORACLE); if both sides are
# recent, drop it on both.
comp-lzo
# ping every 10 s, restart the link when the peer stays silent; also pushed to clients
keepalive 10 120

### logging
status /tmp/openvpn.status
verb 3

/etc/firewall.user:

# WAN interface of the router. White Russian's stock firewall.user reads it from
# NVRAM like this; set it by hand (e.g. vlan1 on a WRT54G) if your build differs.
WAN=$(nvram get wan_ifname)

### OpenVPN
# Rules are inserted (-I) at the top of each chain so they are evaluated before
# the stock firewall's closing DROP/REJECT rules; rules appended with -A land
# after those and never match.
# Let the OpenVPN handshake in from the internet (skip if already opened elsewhere).
iptables -I INPUT -i $WAN -p udp --dport 1194 -j ACCEPT
# Let the router itself answer VPN clients (DNS on 10.8.0.1, ping).
iptables -I INPUT -i tun+ -j ACCEPT
# Traffic from VPN clients may be forwarded anywhere (LAN and internet)...
iptables -I FORWARD -i tun+ -j ACCEPT
# ...but only replies may come back into the tunnel. Do not add a blanket
# "iptables -I FORWARD -j ACCEPT": it accepts forwarding between every interface.
iptables -I FORWARD -o tun+ -m state --state ESTABLISHED,RELATED -j ACCEPT
# Hide the 10.8.0.x client addresses behind the WAN address on the way out.
# Masquerading on tun+ instead only rewrites traffic heading into the tunnel,
# which hides LAN hosts from the clients rather than clients from the internet.
iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -o $WAN -j MASQUERADE
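After both sides are up, the quickest way to see whether redirect-gateway def1 really took over is the client's routing table. def1 leaves the existing default route alone and adds 0.0.0.0/1 and 128.0.0.0/1 through the tunnel, which are more specific and therefore win, and OpenVPN adds a host route for the server itself via the old gateway so the encrypted UDP packets are not routed into the tunnel they carry. The script below is an added example, not part of the original post, that checks those three things against `ip route` output on a Linux laptop. The sample tables, the tun0/wlan0 interface names and the addresses in them are constructed for the example; 203.0.113.10 stands in for the server's public address.

```shell
#!/bin/sh
# Check that "redirect-gateway def1" is in effect on an OpenVPN client.
# Added example; parses iproute2 `ip route` output, no root needed.

# Constructed sample: routing table after a successful connect. 10.8.0.5 and
# 10.8.0.6 are the point-to-point pair handed out from 10.8.0.0/24, wlan0 is the
# laptop's real interface, 203.0.113.10 stands in for the VPN server (assumptions).
SAMPLE_OK='0.0.0.0/1 via 10.8.0.5 dev tun0
default via 192.168.1.1 dev wlan0
10.8.0.1 via 10.8.0.5 dev tun0
10.8.0.5 dev tun0 proto kernel scope link src 10.8.0.6
128.0.0.0/1 via 10.8.0.5 dev tun0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23
203.0.113.10 via 192.168.1.1 dev wlan0'

# Constructed sample: tunnel is up but nothing was redirected (e.g. the server
# did not push redirect-gateway, or the client did not pull it).
SAMPLE_LEAK='default via 192.168.1.1 dev wlan0
10.8.0.5 dev tun0 proto kernel scope link src 10.8.0.6
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23'

# route_dev TABLE PREFIX
# Prints the device of the route whose first field is exactly PREFIX
# ("default", "0.0.0.0/1", a host address ...), or nothing if there is none.
route_dev() {
    printf '%s\n' "$1" | awk -v p="$2" \
        '$1 == p { for (i = 1; i < NF; i++) if ($i == "dev") print $(i + 1) }'
}

# def1_active TABLE [TUNDEV]
# Succeeds only if both /1 halves of the address space go via TUNDEV (default
# tun0) and the physical default route is still present: def1 overrides the
# default route, it does not delete it.
def1_active() {
    tun=${2:-tun0}
    [ "$(route_dev "$1" 0.0.0.0/1)" = "$tun" ] || return 1
    [ "$(route_dev "$1" 128.0.0.0/1)" = "$tun" ] || return 1
    d=$(route_dev "$1" default)
    [ -n "$d" ] || return 1
    [ "$d" != "$tun" ]
}

# server_route_pinned TABLE SERVER_IP [TUNDEV]
# Succeeds if packets to the VPN server itself bypass the tunnel via a host
# route; without it the tunnel's own traffic would be routed into the tunnel.
server_route_pinned() {
    tun=${3:-tun0}
    d=$(route_dev "$1" "$2")
    [ -n "$d" ] && [ "$d" != "$tun" ]
}

# Live usage on the laptop (resolve the "remote" name first):
#   def1_active "$(ip route)" && server_route_pinned "$(ip route)" 203.0.113.10 \
#       && echo "all traffic goes through the tunnel"
```

If def1_active fails right after connecting, compare the server's push "redirect-gateway def1" line with the client log at verb 3: the pushed options appear in the PUSH_REPLY line, and a client without pull (or without client) silently ignores them.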