OpenVpn is a Server component that will allow you to create a secure virtual Network between your Windows Workstation and your Mybook.
In other words, the idea is to be in the same situation as if you were in your local home wifi network, even if you are at the other side of the planet.
This will allow you to map a network drive to your Mybook remotely, putty your Mybook without opening the Port 22 on your Router, and even connect to your others family computers from your office !

ma_ko did the hard work of compiling the necessary component "tun.ko" and he uploaded it here.
and now, it is possible to install open-vpn from optware …

Prerequisites before installation :

  • openssl is needed, check that the ipkg openssl package has already been installed.
  • ipkg must be fully configured : on my mybook, i can access openssl and openvpn from any folder without providing the complete path.

check that when you type opens , then type <TAB> the mybook complete with openssl

  • Gather all the following information before you start :

Request some help in the forum if you are unsure of the values that are suitable for your configuration.

Family Network configuration : (what kind of ip address do your computers and mybook have?)
<FamilyNetworkIPaddress>=(mine is
<FamilyNetworkMask>=mine is (

<VpnNetworkIPaddress>=(mine is
<VpnNetworkMask>=mine is (

<InternalMybookIPAddress>=mine is (
<PublicMybookIPAddress>= ( how do you connect to your Mybook when you are not at home?)
<PublicMybookName>= (Optional, if you do not have a public name for your Mybook, use it's public ip address, if you use dyndns, then use the Name)

Office Network Configuration :
<OpenVpnPort> =port that you will use for your openvpn connection. ( some proxies perform some filtering on the standard 1194 port)

Your Office Internet Access Mode : With Proxy? Without Proxy?
if you cannot ping , but you can browse via internet explorer, then you have a proxy.

If you have a proxy, you will need the following :

If your proxy needs a user and password, you will need the following :

In the following tutorial, when i will use <FamilyNetworkIPaddress> in a command line , it will mean that you will have to replace
<FamilyNetworkIPaddress> by your value.

if you cannot figure out what are these informations , then you should 'nt go further.

Installation Procedure on the Mybook :

Download the tun module :

mkdir /lib/modules/
wget -O /lib/modules/

Configure the tun module :
Run the following command to add /lib/modules/ at the end of the modules.dep file.
(Be carefull to launch only once the following command. if you have a doubt, check first if the line is already present in the file)

echo /lib/modules/>>/lib/modules/

load the tun module :

modprobe tun

install open-vpn :

/opt/bin/ipkg update
/opt/bin/ipkg install openvpn
/opt/bin/ipkg install lzo

Download the custom S20openvpn startup script , openvpn.cnf and easy-rsa tools:

wget   -O /opt/etc/init.d/S20openvpn
wget   -O /opt/etc/openvpn/openvpn.conf
wget  -O /opt/etc/openvpn/easy-rsa.tar
chmod a+x /opt/etc/init.d/S20openvpn
cd /opt/etc/openvpn/
tar -xf /opt/etc/openvpn/easy-rsa.tar
cd /opt/etc/openvpn/easy-rsa

At this point, it is CRITICAL to check that the current folder is /opt/etc/openvpn/easy-rsa
launch the following command :


The command should return /opt/etc/openvpn/easy-rsa
do not continue this tutorial if it is not the case.

If you are in the correct folder, then launch the following commands to generate certificates files :

. ./vars

You should see the following exact output :
NOTE: when you run ./clean-all, I will be doing a rm -rf on /opt/etc/openvpn/easy-rsa/keys

Then type the following

. ./clean-all
. ./build-ca
. ./build-key-server OpenVPNserver

you will be asked some questions: type "ENTER" except for the following one:

Common Name (eg, your name or your server's hostname) []:

Answer your <PublicMybookIPAddress> ip address ( or <PublicMybookName> if your Mybook have a public name).

When you are asked for a challenge phrase, type "ENTER".

When you are requested to sign a certificate, type y :
Sign the certificate? [y/n]: y

Launch the following command :

. ./build-dh

The process is quite long : it took 1H on my Mybook…. you may see 20 lines of +++++ :-)
be patient.

Launch the following command :

. ./build-key OVClient

you will be asked some questions: type "ENTER" except for the following one:

Common Name (eg, your name or your server's hostname) []:
Type : OVClient

When you are asked for a challenge phrase, type "ENTER".

When you are requested to sign a certificate, type y :
Sign the certificate? [y/n]: y

when it is finished, then you can copy the newly generated certificates to the correct folders :

cp /opt/etc/openvpn/easy-rsa/keys/ca.crt /opt/etc/openvpn/ca.crt
cp /opt/etc/openvpn/easy-rsa/keys/OpenVPNserver.crt /opt/etc/openvpn/OpenVPNserver.crt
cp /opt/etc/openvpn/easy-rsa/keys/OpenVPNserver.key /opt/etc/openvpn/OpenVPNserver.key

also prepare Client configuration files that will be used on the Client side :

mkdir /shares/internal/PUBLIC/OVClient
cp /opt/etc/openvpn/easy-rsa/keys/OVClient.crt /shares/internal/PUBLIC/OVClient/OVClient.crt
cp /opt/etc/openvpn/easy-rsa/keys/ca.crt /shares/internal/PUBLIC/OVClient/ca.crt
cp /opt/etc/openvpn/easy-rsa/keys/OVClient.key /shares/internal/PUBLIC/OVClient/OVClient.key
chown -R www-data:www-data /shares/internal/PUBLIC/OVClient

edit the openvpn configuration file :

You now need to edit the openvpn.conf file to your specific configuration :

nano /opt/etc/openvpn/openvpn.conf

NOTE: you must have nano text editor installed or your own text editor.

If you want to use a different port than the default 1194 port (this is usefull if your office proxy is filtering the 1194 port ):
(1194 is the default port for openvpn, but i had to modify it to 8000, because my Office Proxy does not allow port 1194…)

port 1194 by

port <OpenVpnPort>

Modify your Home family Network information :
push "route" by

push "route <FamilyNetworkIPaddress> <FamilyNetworkMask>"

Modify the VPN ip addresses that will be given to clients : these addresses should be different from the ones you have at home and the one you have in the office…

server <VpnNetworkIPaddress> <VpnNetworkMask>

Nice tip : you want to have a clear vision of your conf file?

egrep -v '#|;|^$' /opt/etc/openvpn/openvpn.conf |sort

You can now start openvpn :


you can type

ps -ef|grep openvpn

to check if openvpn is running

you can type the following to check all the ports that are currently used ( LISTEN)

netstat -an|grep -i list

You should see your listening port in the list…
  • Installation Procedure on your Client computer

Download the Windows Openvpn client :
download openvpn-2.0.9-install.exe

Downloader l'interface graphique openvpn-gui :
download openvpn-2.0.9-gui-1.0.3-install.exe

Install download openvpn-2.0.9-install.exe

go to c:\program files\openvpn\config
create a subfolder named OVClient
copy the \\Mybook\PUBLIC\OVClient\*.* files to c:\program files\openvpn\config\OVClient

edit the c:\program files\openvpn\config\OVClient\OVClient.ovpn file to configure your Mybook Public Address :
(you can also use your <PublicMybookName>)

remote <mybook-server> 1194

remote <PublicMybookIPAddress> <OpenVpnPort>

If you need to go thru a proxy, modify your proxy settings
uncomment the ;http-proxy line and modify it with your proxy configuration:
http-proxy <ProxyServer> <ProxyPort> proxy_auth.txt basic

create a c:\program files\openvpn\config\OVClient.ovpn\proxy_auth.txt text file that will contain 2 lines :


note that Proxy user is something like


Now, Start the Client VPN by launching OpenVPNGUI when you are at the office, (launch the openvpn-gui.exe file)

RightClick on the openvpn icon, select OVClient / Connect

You should be connected.

Now, you can check the following on your laptop :

ipconfig /all : you should have a new network card named TAP-Win32 adapter…
with an ip address…192.168.1.X

route print : you should see a line with your home network ip addresses : with a gateway in 192.168.1.X

Accessing other computers on your Home Network

Simply add a route on each of your home windows computers:
launch a cmd command on each of your windows computers :

route add MASK <YourInternalMybookIPAddress> -p

Replace by the ip address that you have decided to give to your client computers…
For me, <YourInternalMybookIPAddress>= …

in order to see all the routes type the following command :

route print

note that if you want to delete the route : (one day or if something is going wrong …)

route delete

Connect from your office and ping the other computers of your home network…

if you have a secondary mybook (be Carefull, not the mybook where you installed openvpn ! ) at home :launch the following command on it :

 route add -net netmask gw <YourInternalMybookIPAddress>

to delete the route

 route del -net netmask gw <YourInternalMybookIPAddress>

Replace by the ip address that you have decided to give to your client computers…
For me, <YourInternalMybookIPAddress>= …

Thanks to ma_ko and teinturman.

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License