Thanks eduperez for replying, and for what I'm putting you through.
I am following this guide. I changed the LAN IP from 192.168.1.1 to 192.168.0.1, which is the one I use.
there are write-ups on the OpenWrt wiki.
https://wiki.openwrt.org/doc/howto/vpn.openvpn
I did it roughly like this:
server router with an internet connection, accessed over ssh.
install openvpn
opkg update
opkg install openvpn-openssl openvpn-easy-rsa
cd /etc/easy-rsa
clean-all
create the certificates (it takes a while on the router)
build-ca
build-dh
build-key-server server
build-key client
or alternatively in pkcs12, which combines the CA and the key in a single file.
build-key-pkcs12 client
and move them to the /etc/openvpn folder
cd /etc/easy-rsa/keys
cp ca.crt ca.key dh1024.pem server.crt server.key /etc/openvpn/
You will have to copy the ca.crt file and the client files to the client router or to the OpenVPN client PC so that it can connect, and if there are more clients you generate more certificates with build-key-pkcs12 clienteXX.
OpenVPN can be set up over TUN or TAP; I use TUN.
on the server we create the interface as the guide says
uci set network.vpn0=interface
uci set network.vpn0.ifname=tun0
uci set network.vpn0.proto=none
uci set network.vpn0.auto=1
and in the firewall we add
uci add firewall rule
uci set firewall.@rule[-1].name=Allow-OpenVPN-Inbound
uci set firewall.@rule[-1].target=ACCEPT
uci set firewall.@rule[-1].src=*
uci set firewall.@rule[-1].proto=udp
uci set firewall.@rule[-1].dest_port=1194
uci add firewall zone
uci set firewall.@zone[-1].name=vpn
uci set firewall.@zone[-1].input=ACCEPT
uci set firewall.@zone[-1].forward=REJECT
uci set firewall.@zone[-1].output=ACCEPT
uci set firewall.@zone[-1].network=vpn0
uci add firewall forwarding
uci set firewall.@forwarding[-1].src='vpn'
uci set firewall.@forwarding[-1].dest='wan'
uci commit network
/etc/init.d/network reload
uci commit firewall
/etc/init.d/firewall reload
with this the VPN works on port 1194, which in your case you will have to open on the main router.
in /etc/config/openvpn I have it configured like this.
config openvpn 'myvpn'
option enable '1'
option port '1194'
option proto 'udp'
option dev 'tun'
option client_to_client '1'
option keepalive '10 120'
option comp_lzo 'yes'
option persist_key '1'
option persist_tun '1'
option verb '3'
option mute '20'
option ifconfig_pool_persist '/tmp/ipp.txt'
option status '/tmp/openvpn-status.log'
option log '/tmp/openvpn.log'
option dh '/etc/openvpn/dh1024.pem'
option ca '/etc/openvpn/ca.crt'
option cert '/etc/openvpn/server.crt'
option key '/etc/openvpn/server.key'
# NETWORK WE WILL GIVE TO THE VPN SERVER
option server '10.8.0.0 255.255.255.0'
list push 'redirect-gateway def1 bypass-dhcp'
#SERVER LAN IP
list push 'route 192.168.0.0 255.255.255.0'
list push 'dhcp-option DNS 192.168.0.1'
list push 'dhcp-option DNS 8.8.8.8'
list push 'dhcp-option DNS 8.8.4.4'
#CLIENT NETWORK, SO THAT THE SERVER CAN SEE THE DEVICES ON THE CLIENT NETWORK
option route '192.168.50.0 255.255.255.0'
option client_config_dir '/etc/openvpn/ccd/'
file /etc/openvpn/ccd/client
iroute 192.168.50.0 255.255.255.0
reboot the router and you should have the server up and running.
checking the file tmp/openvpn-status.log or tmp/openvpn.log will give you information on the server's status.
now you would only need to configure the OpenVPN client.
I have managed to create the following keys; whether they are correct is another matter
01.pem client.csr index.txt.attr.old server.csr
02.pem client.key index.txt.old server.key
ca.crt dh2048.pem serial
ca.key index.txt serial.old
client.crt index.txt.attr server.crt
Country Name (2 letter code) [US]:ES
State or Province Name (full name) [CA]:MAD
Locality Name (eg, city) [SanFrancisco]:MADRID
Organization Name (eg, company) [Fort-Funston]:EDGARDS
Organizational Unit Name (eg, section) [MyOrganizationalUnit]:EDGARDS
Common Name (eg, your name or your server's hostname) [client]:SERVER
Name [EasyRSA]:lpnjzxby
Email Address [me@myhost.mydomain]:edgards@edgards.com
Country Name (2 letter code) [US]:ES
State or Province Name (full name) [CA]:MAD
Locality Name (eg, city) [SanFrancisco]:MADRID
Organization Name (eg, company) [Fort-Funston]:EDGARDS
Organizational Unit Name (eg, section) [MyOrganizationalUnit]:EDGARDS
Common Name (eg, your name or your server's hostname) [client]:CLIENT
Name [EasyRSA]:lpnjzxby
Email Address [me@myhost.mydomain]:edgards@edgards.com
I don't have this file.
file /etc/openvpn/ccd/client
iroute 192.168.50.0 255.255.255.0
Server /tmp/openvpn.log
Wed Apr 12 10:15:25 2017 OpenVPN 2.3.6 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jan 6 2015
Wed Apr 12 10:15:25 2017 library versions: OpenSSL 1.0.2f 28 Jan 2016, LZO 2.08
Wed Apr 12 10:15:25 2017 Diffie-Hellman initialized with 2048 bit key
Wed Apr 12 10:15:25 2017 WARNING: file '/etc/openvpn/server.key' is group or others accessible
Wed Apr 12 10:15:25 2017 Socket Buffers: R=[163840->131072] S=[163840->131072]
Wed Apr 12 10:15:25 2017 TUN/TAP device tun0 opened
Wed Apr 12 10:15:25 2017 TUN/TAP TX queue length set to 100
Wed Apr 12 10:15:25 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Apr 12 10:15:25 2017 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Wed Apr 12 10:15:25 2017 /sbin/route add -net 192.168.50.0 netmask 255.255.255.0 gw 10.8.0.2
Wed Apr 12 10:15:25 2017 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Wed Apr 12 10:15:25 2017 UDPv4 link local (bound): [undef]
Wed Apr 12 10:15:25 2017 UDPv4 link remote: [undef]
Wed Apr 12 10:15:25 2017 MULTI: multi_init called, r=256 v=256
Wed Apr 12 10:15:25 2017 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Wed Apr 12 10:15:25 2017 IFCONFIG POOL LIST
Wed Apr 12 10:15:25 2017 Initialization Sequence Completed
Does anyone have a guide for dummies? Because I'm stumped.
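A pre-flight check for a setup like the one in this post, as an added example that is not part of the thread: it reads the OpenVPN UCI config and reports referenced files that do not exist (the quoted config names dh1024.pem while the key listing shows dh2048.pem), a private key that is group or others accessible (the WARNING in the log), a CA private key left in the server's directory, and a missing ccd file for the client's Common Name. The function names `uci_opt`, `audit_openvpn` and `demo` are hypothetical, the fixture is constructed, and the parser assumes single-quoted option values as in the config above.

```shell
#!/bin/sh
# uci_opt FILE NAME: print the value of "option NAME '...'" from a UCI file.
uci_opt() {
    sed -n "s/^[[:space:]]*option $2 '\(.*\)'.*/\1/p" "$1" | head -n 1
}

# audit_openvpn CONFIG CLIENT_CN: print one finding per line (none = clean).
audit_openvpn() {
    cfg=$1; cn=$2
    for opt in ca cert key dh; do
        f=$(uci_opt "$cfg" "$opt")
        [ -f "$f" ] || echo "MISSING: option $opt points at '$f'"
    done
    key=$(uci_opt "$cfg" key)
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ -f "$key" ] && [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "PERMS: $key is group or others accessible, run chmod 600"
    fi
    # The CA private key only signs certificates; the daemon never reads it.
    cadir=$(dirname "$(uci_opt "$cfg" ca)")
    [ ! -f "$cadir/ca.key" ] || echo "CAKEY: $cadir/ca.key is stored on the server"
    # OpenVPN looks up the ccd file by the certificate Common Name, exactly.
    ccd=$(uci_opt "$cfg" client_config_dir)
    if [ -n "$ccd" ] && [ ! -f "${ccd%/}/$cn" ]; then
        echo "CCD: no file ${ccd%/}/$cn for client CN '$cn'"
    fi
    return 0
}

# Constructed fixture mirroring the thread: config names dh1024.pem, only
# dh2048.pem exists, server.key is 0644, ca.key was copied, no ccd file for CLIENT.
demo() {
    d=$(mktemp -d)
    mkdir "$d/ccd"
    touch "$d/ca.crt" "$d/ca.key" "$d/server.crt" "$d/server.key" "$d/dh2048.pem"
    chmod 644 "$d/server.key"
    cat > "$d/openvpn" <<EOF
config openvpn 'myvpn'
	option dh '$d/dh1024.pem'
	option ca '$d/ca.crt'
	option cert '$d/server.crt'
	option key '$d/server.key'
	option client_config_dir '$d/ccd/'
EOF
    audit_openvpn "$d/openvpn" CLIENT
    rm -rf "$d"
}
demo
```

On the router it would be called as `audit_openvpn /etc/config/openvpn CLIENT`, with the second argument being the Common Name entered when the client certificate was built.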