CATOP=./personalCA

CAKEY=./cakey.pem

CAREQ=./careq.pem

CACERT=./cacert.pem

cd /etc/ssl

mkdir $CATOP

mkdir $CATOP/certs

mkdir $CATOP/crl

mkdir $CATOP/newcerts

mkdir $CATOP/private

echo “00” > $CATOP/serial

echo “00” > $CATOP/crlnumber

touch $CATOP/index.txt

export OPENSSL_CONF=/etc/ssl/essetigiCA.cnf

copy /etc/ssl/openssl.cnf to personalCA.cnf and edit OrganizationName, Country, State, ecc fields.

Then execute:

openssl req -new -keyout $CATOP/private/$CAKEY -out $CATOP/$CAREQ

write a complex passhprase [...]]]> Launch this commands:

CATOP=./personalCA

CAKEY=./cakey.pem

CAREQ=./careq.pem

CACERT=./cacert.pem

cd /etc/ssl

mkdir $CATOP

mkdir $CATOP/certs

mkdir $CATOP/crl

mkdir $CATOP/newcerts

mkdir $CATOP/private

echo “00” > $CATOP/serial

echo “00” > $CATOP/crlnumber

touch $CATOP/index.txt

export OPENSSL_CONF=/etc/ssl/essetigiCA.cnf

copy /etc/ssl/openssl.cnf to personalCA.cnf and edit OrganizationName, Country, State, ecc fields.

Then execute:

openssl req -new -keyout $CATOP/private/$CAKEY -out $CATOP/$CAREQ

write a complex passhprase and remember it! Without it the CA is completely useless. It asks also for information about the CA.

Now we create our CA, it asks for the passphrase:

openssl ca -out $CATOP/$CACERT $CADAYS -extensions v3_ca -days 36500 -keyfile $CATOP/private/$CAKEY -selfsign -infiles $CATOP/$CAREQ

Server certificate:

openssl req -new -nodes -keyout $CATOP/private/server_key.pem -out $CATOP/certs/server_req.pem

openssl ca -out $CATOP/certs/server_cert.pem -days 13000 -extensions server_cert -infiles $CATOP/certs/server_req.pem

client certificate:

openssl req -new -nodes -keyout $CATOP/private/client01_key.pem -out $CATOP/certs/client01_req.pem

openssl ca -out $CATOP/certs/client01_cert.pem -days 10000  -infiles $CATOP/certs/client01_req.pem

That’s all.

# ipkg install http://downloads.openwrt.org/snapshots/ixp4xx/packages/hwclock_2.13.0.1-2_armeb.ipk

# vi /etc/ntpd.conf

server 193.204.114.232 server 193.204.114.233 server ntp1.inrim.it # or a ntp server near you server ntp2.inrim.it # or another ntp server near you listen on *

# /etc/init.d/ntpd [...]]]>

# ipkg install ppp openvpn chat openntpd

# ipkg install http://downloads.openwrt.org/snapshots/ixp4xx/packages/hwclock_2.13.0.1-2_armeb.ipk

• And let configure them:

# vi /etc/ntpd.conf

server 193.204.114.232
server 193.204.114.233
server ntp1.inrim.it # or a ntp server near you
server ntp2.inrim.it # or another ntp server near you
listen on *

# /etc/init.d/ntpd disable

# /etc/init.d/ntpd start

• We use a bridge configuration for network, edit /etc/config/network and add this line in eth0 section:

option type ‘bridge’

• Copy gprsd.sh in /usr/scripts
• Copy gprsd in /etc/default and edit it
• Copy custom-user-startup into /etc/init.d/

# /etc/init.d/custom-user-startup enable

• run # crontab -e and add

*/3 * * * * /usr/script/gprsd.sh checkrunning &

• copy chat and peers directory into /etc/ppp
• Copy openvpn into /etc
• Edit /etc/default/openvpn, add “ENABLED=1” and change config file
• Edit /etc/init.d/openvpn, add “ENABLED=0” and this to start () function:

if [ “$ENABLED” != “1” ] ; then
echo “$BIN disabled, check $DEFAULT”
exit 0
fi

• run #/etc/init.d/openvpn enable
• bla bla bla (nice in openvpn.conf)