http://bering-uclibc.zetam.org/index.php?title=Bering-uClibc_5.x_-_User_Guide_-_Advanced_Topics_-_Setting_Up_a_Virtual_Private_Network&feed=atom&action=historyBering-uClibc 5.x - User Guide - Advanced Topics - Setting Up a Virtual Private Network - Revision history2024-03-29T05:19:28ZRevision history for this page on the wikiMediaWiki 1.26.0http://bering-uclibc.zetam.org/index.php?title=Bering-uClibc_5.x_-_User_Guide_-_Advanced_Topics_-_Setting_Up_a_Virtual_Private_Network&diff=1629&oldid=prevDavidmbrooke: Changed "Prev" links for new Wireless Internet Connection page2013-06-27T19:13:23Z<p>Changed "Prev" links for new Wireless Internet Connection page</p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;' lang='en'>
<td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 19:13, 27 June 2013</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l2" >Line 2:</td>
<td colspan="2" class="diff-lineno">Line 2:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>! colspan="3" align="center" | [[Bering-uClibc 5.x - User Guide - Advanced Topics - Setting Up a Virtual Private Network|Advanced Topics - Setting Up a Virtual Private Network]]</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>! colspan="3" align="center" | [[Bering-uClibc 5.x - User Guide - Advanced Topics - Setting Up a Virtual Private Network|Advanced Topics - Setting Up a Virtual Private Network]]</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>|-</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>|-</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>| width="20%" align="left"  | [[Bering-uClibc 5.x - User Guide - Advanced Topics - Setting Up a Wireless <del class="diffchange diffchange-inline">Access Point</del>|Prev]]</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>| width="20%" align="left"  | [[Bering-uClibc 5.x - User Guide - Advanced Topics - Setting Up a Wireless <ins class="diffchange diffchange-inline">Internet Connection</ins>|Prev]]</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>! width="60%" align="center" | [[Bering-uClibc 5.x - User Guide]]</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>! width="60%" align="center" | [[Bering-uClibc 5.x - User Guide]]</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>| width="20%" align="right"  | [[Bering-uClibc 5.x - User Guide - Advanced Topics - Setting Up a Routing Daemon|Next]]</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>| width="20%" align="right"  | [[Bering-uClibc 5.x - User Guide - Advanced Topics - Setting Up a Routing Daemon|Next]]</div></td></tr>
<tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l496" >Line 496:</td>
<td colspan="2" class="diff-lineno">Line 496:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>----</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>----</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>{| summary="Navigation footer" width="100%"</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>{| summary="Navigation footer" width="100%"</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>| width="40%" align="left"  | [[Bering-uClibc 5.x - User Guide - Advanced Topics - Setting Up a Wireless <del class="diffchange diffchange-inline">Access Point</del>|Prev]]</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>| width="40%" align="left"  | [[Bering-uClibc 5.x - User Guide - Advanced Topics - Setting Up a Wireless <ins class="diffchange diffchange-inline">Internet Connection</ins>|Prev]]</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>| width="20%" align="center" | [[Bering-uClibc 5.x - User Guide - Advanced Topics|Up]]</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>| width="20%" align="center" | [[Bering-uClibc 5.x - User Guide - Advanced Topics|Up]]</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>| width="40%" align="right"  | [[Bering-uClibc 5.x - User Guide - Advanced Topics - Setting Up a Routing Daemon|Next]]</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>| width="40%" align="right"  | [[Bering-uClibc 5.x - User Guide - Advanced Topics - Setting Up a Routing Daemon|Next]]</div></td></tr>
</table>Davidmbrookehttp://bering-uclibc.zetam.org/index.php?title=Bering-uClibc_5.x_-_User_Guide_-_Advanced_Topics_-_Setting_Up_a_Virtual_Private_Network&diff=1411&oldid=prevKapeka: modules are gzipped2012-10-27T12:08:29Z<p>modules are gzipped</p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;' lang='en'>
<td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 12:08, 27 October 2012</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l306" >Line 306:</td>
<td colspan="2" class="diff-lineno">Line 306:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>==Loading the modules==</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>==Loading the modules==</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>You need to load the tun Module <code class="filename">ipsec.<del class="diffchange diffchange-inline">o</del></code> to have a virtual tunnel interface and kernel support for ipsec.</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>You need to load the tun Module <code class="filename">ipsec.<ins class="diffchange diffchange-inline">ko.gz</ins></code> to have a virtual tunnel interface and kernel support for ipsec.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>To accomplish this, you need the appropriate modules tarball for your LEAF Bering-uClibc.  </div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>To accomplish this, you need the appropriate modules tarball for your LEAF Bering-uClibc.  </div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>Unpack the modules tarball and copy <code class="filename">/kernel/net/ipsec/ipsec.<del class="diffchange diffchange-inline">o</del></code> to <code class="filename">/lib/modules</code> on your router.</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>Unpack the modules tarball and copy <code class="filename">/kernel/net/ipsec/ipsec.<ins class="diffchange diffchange-inline">ko.gz</ins></code> to <code class="filename">/lib/modules</code> on your router.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>You don't need to put it in <code class="filename">/etc/modules</code> as the ipsec init script loads and unloads the module on demand.</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>You don't need to put it in <code class="filename">/etc/modules</code> as the ipsec init script loads and unloads the module on demand.</div></td></tr>
</table>Kapekahttp://bering-uclibc.zetam.org/index.php?title=Bering-uClibc_5.x_-_User_Guide_-_Advanced_Topics_-_Setting_Up_a_Virtual_Private_Network&diff=1410&oldid=prevKapeka: modules are gzipped2012-10-27T12:06:56Z<p>modules are gzipped</p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;' lang='en'>
<td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 12:06, 27 October 2012</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l40" >Line 40:</td>
<td colspan="2" class="diff-lineno">Line 40:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>==Loading the modules==</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>==Loading the modules==</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>You need to load the tun module <code class="filename">tun.<del class="diffchange diffchange-inline">o</del></code> to have a virtual tunnel interface.</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>You need to load the tun module <code class="filename">tun.<ins class="diffchange diffchange-inline">ko.gz</ins></code> to have a virtual tunnel interface.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>To accomplish this, you need the appropriate modules tarball for your LEAF Bering-uClibc.  </div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>To accomplish this, you need the appropriate modules tarball for your LEAF Bering-uClibc.  </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>Unpack the modules tarball and copy <code class="filename">/kernel/drivers/net/tun.<del class="diffchange diffchange-inline">o</del></code> to <code class="filename">/lib/modules</code> on your router.</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>Unpack the modules tarball and copy <code class="filename">/kernel/drivers/net/tun.<ins class="diffchange diffchange-inline">ko.gz</ins></code> to <code class="filename">/lib/modules</code> on your router.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>Add "tun" to your <code class="filename">/etc/modules</code>.</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>Add "tun" to your <code class="filename">/etc/modules</code>.</div></td></tr>
</table>Kapekahttp://bering-uclibc.zetam.org/index.php?title=Bering-uClibc_5.x_-_User_Guide_-_Advanced_Topics_-_Setting_Up_a_Virtual_Private_Network&diff=1399&oldid=prevKapeka: Created page with '{| summary="Navigation header" width="100%" ! colspan="3" align="center" | [[Bering-uClibc 5.x - User Guide - Advanced Topics - Setting Up a Virtual Private Network|Advanced Topi…'2012-10-27T11:02:12Z<p>Created page with '{| summary="Navigation header" width="100%" ! colspan="3" align="center" | [[Bering-uClibc 5.x - User Guide - Advanced Topics - Setting Up a Virtual Private Network|Advanced Topi…'</p>
<p><b>New page</b></p><div>{| summary="Navigation header" width="100%"<br />
! colspan="3" align="center" | [[Bering-uClibc 5.x - User Guide - Advanced Topics - Setting Up a Virtual Private Network|Advanced Topics - Setting Up a Virtual Private Network]]<br />
|-<br />
| width="20%" align="left" | [[Bering-uClibc 5.x - User Guide - Advanced Topics - Setting Up a Wireless Access Point|Prev]]<br />
! width="60%" align="center" | [[Bering-uClibc 5.x - User Guide]]<br />
| width="20%" align="right" | [[Bering-uClibc 5.x - User Guide - Advanced Topics - Setting Up a Routing Daemon|Next]]<br />
|}<br />
----<br />
<br />
<br />
=OpenVPN=<br />
'''This material copied directly from http://leaf.sourceforge.net/doc/bucu-openvpn.html - needs to be checked/updated for Bering-uClibc 5.x!'''<br />
<br />
==Introduction==<br />
This chapter describes how to configure your LEAF system(s) to build Virtual Private Networks (VPN) with [http://www.openvpn.net/ OpenVPN].<br />
<br />
===Overview of the setup described here===<br />
The setup described here assumes you are using openvpn 2.x in server/client mode. Furthermore the setup used for this chapter is based on LEAF systems connected to the internet via dynamic IP's. It will be similar, but easier, to build VPN's between LEAF systems with a fixed IP or a mixed environment.<br />
<br />
We also had in mind to tunnel the subnets behind the LEAF routers. Connecting one or more road-warriors should be easier again.<br />
<br />
Additionally only routing (using the TUN interface) between subnets is described, for bridging (using the TAP interface), the differences to routing and advantages/disadvantages of tunneling or bridging please read the [http://openvpn.net/faq.html#bridge1 according Openvpn documentation].<br />
<br />
In our example OpenVPN setup, openvpn uses lzo compression and the keys (esp. the CA authority) are built and stored on the LEAF router.<br />
<br />
'''Note:''' Following the description about creating keys may impose security risks! It's only useful to help you to start with openvpn, in no way it's meant to be used in a production environment.<br />
<br />
===About openvpn===<br />
OpenVPN is a full-featured SSL VPN solution which can accommodate a wide range of configurations, including road warrior access, home/office/campus telecommuting, WiFi security, secure branch office linking, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls.<br />
<br />
Compared with ipsec implementations like freeswan/openswan it's easier to setup, supports dynamic IP addresses out of the box and doesn't need any kernel patches.<br />
<br />
==Loading the packages==<br />
Edit the <code class="filename">leaf.cfg</code> file and add <code class="filename">openvpnz.lrp</code>, <br />
<code class="filename>easyrsa.lrp</code> and <code class="filename">openssl.lrp</code> to the list of Packages to be loaded at boot. Check [[Bering-uClibc 5.x - User Guide - Basic Configuration - LEAF Packages|Basic Configuration - LEAF Packages]] to learn how to do that.<br />
<br />
You don't need <code class="filename">liblzo.lrp</code> if you choose the OpenVPN package without lzo support (<code class="filename">openvpn.lrp</code>).<br />
<br />
The Packages <code class="filename">openssl.lrp</code> and <code class="filename">easyrsa.lrp</code> are only needed on your OpenVPN server to create the keys. You don't need it on an OpenVPN client and you don't need to load it on your OpenVPN server, once you have created the keys.<br />
<br />
==Loading the modules==<br />
You need to load the tun module <code class="filename">tun.o</code> to have a virtual tunnel interface.<br />
<br />
To accomplish this, you need the appropriate modules tarball for your LEAF Bering-uClibc. <br />
<br />
Unpack the modules tarball and copy <code class="filename">/kernel/drivers/net/tun.o</code> to <code class="filename">/lib/modules</code> on your router.<br />
<br />
Add "tun" to your <code class="filename">/etc/modules</code>.<br />
<br />
Save modules.lrp<br />
<br />
==Generating keys==<br />
To start with OpenVPN 2.x in server/client mode, you'll have to generate SSL keys and certificate those keys. The table below shows which keys and certificates are necessary on which system:<br />
<br />
{| summary="OpenVPN keys and certificates" border="1"<br />
|-<br />
| <span class="emphasis">''OpenVPN Server''</span><br />
| <span class="emphasis">''OpenVPN Client''</span><br />
|-<br />
| CA certificate<br />
| CA certificate<br />
|-<br />
| Server key<br />
| Client key<br />
|-<br />
| Server certificate<br />
| Client certificate<br />
|}<br />
<br />
If you don't have your own CA the next sections describe how to make one and generate the necessary keys and certificates.<br />
<br />
If you have your own existing key generation and CA environment you can use that to generate keys and certificates for the server and client(s) and install them manually into the directory defined in the configuration file. The only step that you still need to make with the tools described below is the generation of the Diffie-Hellman parameters.<br />
<br />
===Setup for key generation on your Bering-uClibc box===<br />
The package <code class="filename">easyrsa.lrp</code> provides you with the necessary scripts to do this part of the configuration. For this demo four steps are necessary:<br />
# Configure key generation<br />
# Build your own Root Certificate Authority (CA) key and certificate<br />
# Build the server key and certificate<br />
# Build the client key(s) and certificate(s)<br />
<br />
Edit /etc/easy-rsa/vars and change the settings as needed. You should only need to change the values for KEY_COUNTRY, KEY_PROVINCE, KEY_CITY, KEY_ORG and KEY_EMAIL. Optionally you can change the KEY_SIZE to a greater value.<br />
<br />
Change directory into /etc/easyrsa and source<br />
<br />
<span class="command">'''. /etc/easyrsa/vars'''</span><br />
<br />
(this means: dot blank /etc/easyrsa/vars)<br />
<br />
to export the new settings to your environment variables and the command <span class="command">'''clean-all'''</span>, if you build the keys the first time.<br />
<br />
===Build your own Root Certification Authority (CA) certificate/key===<br />
With <span class="command">'''build-ca'''</span> the ca.crt and ca.key will be built in your KEY_DIR directory.<br />
<br />
===Build Diffie-Hellmann parameters===<br />
This step is necessary for the server end of a SSL/TLS connection. Run <span class="command">'''build-dh'''</span>.<br />
<br />
===Build the server key===<br />
The server certificates will be built with the <span class="command">'''build-key-server'''</span> script (needs the name as parameter which has to be the same as the common name).<br />
<br />
You will be asked to sign the certificate with your ca keys - respond "y".<br />
<br />
To save your setup and keys backup openvpnz.lrp.<br />
<br />
===Build the client key(s)===<br />
The last step is to build and sign the client keys.<br />
<br />
Therefore run the build-key script with the client name as parameter. This name should also be added if you're asked for the "Common Name" during key generation. Again sign the certificates.<br />
<br />
Transfer the generated and signed key (foo.crt, foo.key) plus the generated ca.crt in a secure way to your client(s).<br />
<br />
==OpenVPN server side==<br />
<br />
===OpenVPN server configuration===<br />
Edit /etc/openvpn/server.conf.<br />
<br />
Set the ca, cert and key to the generated root certificate, server certificate and server key.<br />
<br />
ca keys/ca.crt<br />
cert keys/Server.crt<br />
key keys/Server.key # This file should be kept secret<br />
<br />
Additionally set the path to the key with the Diffie-Hellman parameters:<br />
<br />
dh keys/dh1024.pem<br />
<br />
Announce the routes to the client to allow it to reach other private subnets over the openvpn server with the push statement. Remember that these private subnets will also need to know to route the OpenVPN client address pool (10.8.0.0/255.255.255.0) back to the OpenVPN server:<br />
<br />
push "route 192.168.10.0 255.255.255.0"<br />
push "route 192.168.25.0 255.255.255.0"<br />
push "route 192.168.23.0 255.255.255.0"<br />
<br />
Add the routes to the subnets to the OpenVPN server:<br />
<br />
route 192.168.25.0 255.255.255.0 vpn_gateway<br />
route 192.168.23.0 255.255.255.0 vpn_gateway<br />
<br />
To allow machines in the subnets behind the OpenVPN clients to access the vpn as well you need to define the client-config-dir an add the route as well:<br />
<br />
client-config-dir ccd<br />
route 192.168.25.0 255.255.255.0<br />
route 192.168.23.0 255.255.255.0<br />
<br />
Given your client-names are vpn-client1 and vpn-client2 add a file for each client with the clients name ("vpnclient1" and "vpn-client2") in /etc/openvpn/ccd and add a statement like:<br />
<br />
iroute 192.168.23.0 255.255.255.0<br />
<br />
for the client providing the 192.168.23.0 subnet<br />
<br />
and<br />
<br />
iroute 192.168.25.0 255.255.255.0<br />
<br />
for the client providing the 192.168.25.0 subnet<br />
<br />
If you want to have the clients and subnets behind seeing each other, enable client-to-client.<br />
<br />
Backup ovpn20z.lrp.<br />
<br />
===Configure shorewall on the openvpn server===<br />
Add a new zone to /etc/shorewall/zones:<br />
<br />
<nowiki> #ZONE TYPE OPTIONS IN OUT<br />
# OPTIONS OPTIONS<br />
vpn</nowiki><br />
<br />
Add the tun interface to /etc/shorewall/interfaces:<br />
<br />
vpn tun+<br />
<br />
Note that we added a wildcard ("+") to the tun interface so the vpn zone applies to all tun interfaces - important if you want to support more than one openvpn client.<br />
<br />
You can either open the traffic between the vpn zone and the local net completely with adding<br />
<br />
loc vpn ACCEPT<br />
vpn loc ACCEPT<br />
<br />
to /etc/shorewall/policy - or just add the ports you want to open in /etc/shorewall/rules.<br />
<br />
As last step add your vpn to the shorewall tunnel defintions (/etc/shorewall/tunnels)<br />
<br />
generic:udp:1194 net 0.0.0.0/0<br />
<br />
Note: This is very generic definition: Newer shorewall versions support ''<code>openvpn</code>'' as tunnel type. The gateway is defined as "0.0.0.0/0" to support clients with dynamic ip addresses.<br />
<br />
===Starting the OpenVPN server===<br />
<br />
====Manual====<br />
To test the server configuration you can manually start the OpenVPN server with the command<br />
<br />
<span class="command">'''<nowiki># openvpn /etc/openvpn/server.conf</nowiki>'''</span><br />
<br />
====Automatic====<br />
After a (re)boot the <code class="filename">/etc/init.d/openvpn</code> script starts all tunnels that have a definition file in <code class="filename">/etc/openvpn</code>. The definition files for VPN's are all files with the extension <code class="filename">.conf</code>.<br />
<br />
Beginning with openvpn v2.0.9 you can edit the Autostart value in <code class="filename">/etc/default/openvpn</code> to explicitely declare the VPN's that shall be started.. Allowed values are "all", "none" or a space separated list of names of the VPNs - to start only the newly created <code class="filename">server.conf</code> set "Autostart=server". If Autostart is empty, "all" is assumed. This setting is default in Bering-uClibc's openvpn packages.<br />
<br />
====Checking====<br />
Check <code class="filename">/var/log/openvpn-status</code> for the status of your openvpn tunnels<br />
<br />
In case of problems <code class="filename">/var/log/daemon.log</code> may give some hints for troubleshooting<br />
<br />
==OpenVPN clients==<br />
<br />
===OpenVPN client configuration===<br />
Edit <code class="filename">/etc/openvpn/client.conf</code>.<br />
<br />
Change the remote server to your OpenVPN server:<br />
<br />
remote my-server-1 1194<br />
<br />
You can choose a dynamic DNS entry like:<br />
<br />
remote foo.dyndns.org 1194<br />
<br />
Uncomment "user" and "group". You also have to uncomment "nobind" on a OpenVPN server, if you need to start a client as well, to make the net behind the OpenVPN server visible to your clients.<br />
<br />
Set the path and key names:<br />
<br />
ca keys/ca.crt<br />
cert keys/vpn-client1.crt<br />
key keys/vpn-client1.key<br />
<br />
Backup your OpenVPN package.<br />
<br />
===Configure shorewall on an OpenVPN client===<br />
Add a new zone to <code class="filename">/etc/shorewall/zones</code>:<br />
<br />
vpn VPN Remote Subnet<br />
<br />
Add the tun interface to <code class="filename">/etc/shorewall/interfaces</code>:<br />
<br />
vpn tun0<br />
<br />
You can either open the traffic between the vpn zone and the local net completly with adding<br />
<br />
loc vpn ACCEPT <br />
vpn loc ACCEPT<br />
<br />
to <code class="filename">/etc/shorewall/policy</code> - or just add the ports you want to open in <code class="filename">/etc/shorewall/rules</code>.<br />
<br />
As last step add your vpn to the shorewall tunnel defintions (<code class="filename">/etc/shorewall/tunnels</code>)<br />
<br />
generic:udp:1194 net 0.0.0.0/0<br />
<br />
Note: This is very generic definition: Newer shorewall versions support openvpn as tunnel type. The gateway is defined as "0.0.0.0/0" to support an openserver with dynamic ip address.<br />
<br />
===Starting the OpenVPN client===<br />
<br />
====Manual====<br />
To test the client configuration you can manually start the OpenVPN client with the command<br />
<br />
<span class="command">'''<nowiki># openvpn /etc/openvpn/client.conf</nowiki>'''</span><br />
<br />
====Automatic====<br />
After a (re)boot the <code class="filename">/etc/init.d/openvpn</code> script starts all tunnels that have a definition file in <code class="filename">/etc/openvpn</code>. The definition files for VPN's are all files with the extension <code class="filename">.conf</code>.<br />
<br />
Beginning with openvpn v2.0.9 you can change the Autostart value in <code class="filename">/etc/default/openvpn</code> to explicitely declare the VPN's that shall be started. Allowed values are "all", "none" or a space separated list of names of the VPNs - to start only the newly created <code class="filename">client.conf</code> set "Autostart=client". If Autostart is empty, "all" is assumed. This setting is default in Bering-uClibc's openvpn Packages.<br />
<br />
==Links==<br />
<br />
===OpenVPN links===<br />
[http://openvpn.net/ OpenVPN main page]<br />
<br />
[http://www.vpnforum.de/ German OpenVPN forum]<br />
<br />
A valuable forum for german speaking users- if someone knows a similar forum, please let us know.<br />
<br />
===OpenSSL tools and hints to how to create your own Certificates===<br />
This points you to sites with software and documenation team member uses to create their own keys.<br />
<br />
[http://www.openssl.org/ OpenSSL main page]<br />
<br />
[http://www.hohnstaedt.de/xca.html xca]<br />
<br />
A nice graphical interface, works for Windows as well as Linux.<br />
<br />
[http://tinyca.sm-zone.net/ tinyca]<br />
<br />
TinyCA is a simple graphical userinterface written in Perl/Gtk to manage a small CA (Certification Authority). TinyCA works as a frontend for openssl<br />
<br />
[http://www.pseudonym.org/ssl/ssl_ca.html#creatingl Creating Self-Signed Certificate Authority Certificate]<br />
<br />
For those who run the most important servers without X11<br />
<br />
<br />
=Openswan (IPsec)=<br />
'''This material copied directly from http://leaf.sourceforge.net/doc/bucu-openswan.html - needs to be checked/updated for Bering-uClibc 5.x!'''<br />
<br />
==Introduction==<br />
<br />
===Objectives===<br />
This chapter describes how to configure your LEAF system(s) to build Virtual Private Networks (VPN) with [http://www.openswan.org/ Openswan].<br />
<br />
===Overview of the setup described here===<br />
The setup described here assumes you are using openswan 2.6.x with KLIPS (virtual interface support) Furthermore the setup used for this chapter is based on LEAF systems connected to the internet via static IP's. If you don't have a fixed ip, use the <code class="filename">ezipupd.lrp </code> Package and a dynamic DNS service like [http://leaf.sourceforge.net/doc/www.dyndns.org www.dyndns.org].<br />
<br />
In the following sections we describe a setup for connecting subnets behind 2 LEAF systems. For the example, these systems are called west and east, and both have a DNS name like west.dyndns.org and east.dyndns.org. Please remember that these names are only examples, use real ones instead!<br />
<br />
[[Image:ipsec1.png|center|frame|alt=Example Setup|Example Setup]]<br />
<br />
===About openswan===<br />
Openswan implements the IPSec Internet Standard for Linux. It is not the only solution but it is based on the oldest implementation of IPSec for Linux called FreeSwan. The FreeSwan project ended some years ago and their code base was used to create openswan. The feature list includes X.509 Certificates, support for nat-t and aggressive mode. It might be a good idea to take a look at the [http://leaf.sourceforge.net/doc/www.openswan.org openswan Homepage] for a brief description of the features of this software.<br />
<br />
==Loading the packages==<br />
Edit the <code class="filename">leaf.cfg</code> file and add <code class="filename">openswan.lrp</code> to the list of Packages to be loaded at boot. Check [[Bering-uClibc 5.x - User Guide - Basic Configuration - LEAF Packages|Basic Configuration - LEAF Packages]] to learn how to do that.<br />
<br />
==Loading the modules==<br />
You need to load the tun Module <code class="filename">ipsec.o</code> to have a virtual tunnel interface and kernel support for ipsec.<br />
<br />
To accomplish this, you need the appropriate modules tarball for your LEAF Bering-uClibc. <br />
Unpack the modules tarball and copy <code class="filename">/kernel/net/ipsec/ipsec.o</code> to <code class="filename">/lib/modules</code> on your router.<br />
<br />
You don't need to put it in <code class="filename">/etc/modules</code> as the ipsec init script loads and unloads the module on demand.<br />
<br />
Save modules.lrp<br />
<br />
==Generating keys==<br />
To start with you will need to generate the necessary certificates, keys and a crl file. The easiest way to do this is to use a frontend like tinyca.<br />
<br />
For this example we would need the following files (remember that our systems are called west and east):<br />
* <code class="filename">west-cert.pem</code><br />
* <code class="filename">east-cert.pem</code><br />
* <code class="filename">testca-cert.pem</code><br />
* <code class="filename">west-key.pem</code><br />
* <code class="filename">east-key.pem</code><br />
* <code class="filename">crl.pem</code><br />
<br />
The first two files contain the public keys for the leaf systems. copy them to <code class="filename">/etc/ipsec.d/certs/</code> on both machines. <code class="filename">testca-cert.pem</code> is the public key of the CA. This file goes onto both machines into <code class="filename">/etc/ipsec.d/cacerts/</code>. <code class="filename">crl.pem</code> is the certificate revoke list for the CA, which contains a list of disabled certificates. It is normally empty, you would add a cert to this list in case it is stolen, or otherwise compromised. The key files need only to be present on the router they belong to, so <code class="filename">west-key.pem</code>would only go to <code class="filename">/etc/ipsec.d/private/ </code> on router west.<br />
<br />
These keys are sensitive information, you should <span class="bold">'''NOT'''</span> put them all on all machines as breaking into this one would compromise them all!<br />
<br />
==Configuration==<br />
<br />
===ipsec.secrets===<br />
Edit /etc/ipsec.secrets.<br />
<br />
Change it to look like this (of course use the real password for this key and not "password".<br />
<br />
<nowiki><br />
# This file holds shared secrets or RSA private keys for inter-Pluto<br />
# authentication. See ipsec_pluto(8) manpage, and HTML documentation.<br />
<br />
# RSA private key for this host, authenticating it to any other host<br />
# which knows the public part. Suitable public keys, for ipsec.conf, DNS,<br />
# or configuration of other implementations, can be extracted conveniently<br />
# with "ipsec showhostkey".<br />
: west-key.pem "password"<br />
# do not change the indenting of that "}"</nowiki><br />
<br />
===ipsec.conf===<br />
<code class="filename">/etc/ipsec.conf</code> is the main configuration file for openswan ipsec. For our example, it would look like this for router west:<br />
<br />
<nowiki># /etc/ipsec.conf - Openswan IPSec configuration file<br />
# RCSID $Id: bucu-openswan.xml,v 1.2 2005/11/29 17:13:32 mhnoyes Exp $<br />
<br />
# This file: /usr/share/doc/openswan/ipsec.conf-sample<br />
#<br />
# Manual: ipsec.conf.5<br />
<br />
<br />
version 2.0 # conforms to second version of ipsec.conf specification<br />
<br />
# basic configuration<br />
config setup<br />
# plutodebug / klipsdebug = "all", "none" or a combation from below:<br />
# "raw crypt parsing emitting control klips pfkey natt x509 private"<br />
# eg:<br />
# plutodebug="control parsing"<br />
#<br />
# Only enable klipsdebug=all if you are a developer<br />
#<br />
# NAT-TRAVERSAL support, see README.NAT-Traversal<br />
# nat_traversal=yes<br />
# virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%4:172.16.0.0/12<br />
interfaces=%defaultroute<br />
<br />
# Add connections here<br />
<br />
# sample VPN connection<br />
conn sample<br />
# Left security gateway, subnet behind it, nexthop toward right.<br />
left=%defaultroute<br />
leftsubnet=192.168.1.0/24<br />
leftcert=west-cert.pem<br />
# Right security gateway, subnet behind it, nexthop toward left.<br />
right=east.dyndns.org<br />
rightsubnet=192.168.2.0/24<br />
rightcert=east-cert.pem<br />
# To authorize this connection, but not actually start it,<br />
# at startup, uncomment this.<br />
auto=start<br />
<br />
#Disable Opportunistic Encryption<br />
include /etc/ipsec.d/examples/no_oe.conf</nowiki><br />
<br />
The %defaultroute entry in interfaces and as left causes openswan to get the corresponding entries by looking at which interface the default route of the system is on. This is normally ok for dynamic connections (DSL, Cable, DHCP). If you have a static IP and are connected to a router via eth1 the interfaces and left entries might look like this (172.16.0.1 is the IP of this router, 172.16.0.2 the IP of router west. Please note that in this case the leftnexthop entry is mandatory!.<br />
<br />
interfaces="ipsec0=eth1"<br />
left=172.16.0.2<br />
leftnexthop=172.16.0.1<br />
<br />
For router east, you take the same file, put it onto that machine and exchange the left and right values, to look like:<br />
<br />
<nowiki># /etc/ipsec.conf - Openswan IPSec configuration file<br />
# RCSID $Id: bucu-openswan.xml,v 1.2 2005/11/29 17:13:32 mhnoyes Exp $<br />
<br />
# This file: /usr/share/doc/openswan/ipsec.conf-sample<br />
#<br />
# Manual: ipsec.conf.5<br />
<br />
<br />
version 2.0 # conforms to second version of ipsec.conf specification<br />
<br />
# basic configuration<br />
config setup<br />
# plutodebug / klipsdebug = "all", "none" or a combation from below:<br />
# "raw crypt parsing emitting control klips pfkey natt x509 private"<br />
# eg:<br />
# plutodebug="control parsing"<br />
#<br />
# Only enable klipsdebug=all if you are a developer<br />
#<br />
# NAT-TRAVERSAL support, see README.NAT-Traversal<br />
# nat_traversal=yes<br />
# virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%4:172.16.0.0/12<br />
interfaces=%defaultroute<br />
<br />
# Add connections here<br />
<br />
# sample VPN connection<br />
conn sample<br />
# Left security gateway, subnet behind it, nexthop toward right.<br />
left=west.dyndns.org<br />
leftsubnet=192.168.1.0/24<br />
leftcert=west-cert.pem<br />
# Right security gateway, subnet behind it, nexthop toward left.<br />
right=%defaultroute<br />
rightsubnet=192.168.2.0/24<br />
rightcert=east-cert.pem<br />
# To authorize this connection, but not actually start it,<br />
# at startup, uncomment this.<br />
auto=start<br />
<br />
#Disable Opportunistic Encryption<br />
include /etc/ipsec.d/examples/no_oe.conf</nowiki><br />
<br />
You do not need to be consistent in what you call left and right at both machines. But it makes things a lot easier if you do keep that naming.<br />
<br />
====Configure shorewall====<br />
Add a new zone to /etc/shorewall/zones:<br />
<br />
vpn VPN Remote Subnet<br />
<br />
Add the ipsec interface to /etc/shorewall/interfaces:<br />
<br />
vpn ipsec+<br />
<br />
Note that we added a wildcard ("+") to the tun interface so the vpn zone applies to all tun interfaces - important if you want to support more than one IPSec enabled interface.<br />
<br />
You can either open the traffic between the vpn zone and the local net completely with adding<br />
<br />
loc vpn ACCEPT<br />
vpn loc ACCEPT<br />
<br />
to /etc/shorewall/policy - or just add the ports you want to open in /etc/shorewall/rules.<br />
<br />
As last step add your vpn to the shorewall tunnel definitions (/etc/shorewall/tunnels)<br />
<br />
ipsec net 0.0.0.0/0<br />
<br />
Note: The gateway is defined as "0.0.0.0/0" to support remote hosts with dynamic ip addresses.<br />
<br />
===Starting Openswan===<br />
<br />
====Manual====<br />
To test the server configuration you can manually start Openswan with the command<br />
<br />
<span class="command">'''<nowiki># /etc/init.d/ipsec start</nowiki>'''</span><br />
<br />
====Automatic====<br />
After a (re)boot the <code class="filename">/etc/init.d/ipsec</code> script starts all tunnels that have a definition file in <code class="filename">/etc/ipsec.conf</code> and are marked with a<br />
<br />
auto=start<br />
<br />
in the definition of the connection.<br />
<br />
====Checking====<br />
Check <code class="filename">/var/log/daemon.log</code> and <code class="filename"> /var/log/auth.log</code> for the status of your ipsec tunnels. You can also use <span class="command">'''ipsec auto --status'''</span><br />
<br />
==Links==<br />
<br />
===Openswan links===<br />
[http://openswan.org/ Openswan main page]<br />
<br />
<br />
----<br />
{| summary="Navigation footer" width="100%"<br />
| width="40%" align="left" | [[Bering-uClibc 5.x - User Guide - Advanced Topics - Setting Up a Wireless Access Point|Prev]]<br />
| width="20%" align="center" | [[Bering-uClibc 5.x - User Guide - Advanced Topics|Up]]<br />
| width="40%" align="right" | [[Bering-uClibc 5.x - User Guide - Advanced Topics - Setting Up a Routing Daemon|Next]]<br />
|}<br />
<br />
[[Category:Bering-uClibc 5.x]]<br />
[[Category:User Guide]]</div>Kapeka