OpenWrt Forum Archive

Topic: OpenVPN server-bridge - how to generate keys?

The content of this topic has been archived on 7 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

I've set up OpenVPN on a full-fledged Linux server and now I'd like to do the same for my new WRT54G with OpenWrt RC4. I've installed the OpenVPN ipkg and I have been able to get it running using a HowTo I found in this forum. That HowTo used a secret key configuration. What I'd like to set up is the server-bridge type of setup that allows multiple clients to connect using a pair of (PKI) keys and a server cert.

Is this possible with the OpenVPN package that runs on OpenWrt? If so, how do I generate the required keys?

In the 2.0 package on my Linux server there are some shell scripts which create the keys. From the poking around I've done with the ipkg version of OpenVPN, those scripts aren't part of the package. Anyone been there and done that?

...Kevin

I've read through the howto at least a few times. No problem with referring to the documentation on the OpenVPN site, but correct me if I'm wrong, the OpenVPN ipkg doesn't include all that the 'normal' OpenVPN distribution does. My question was specific to OpenVPN as it's packaged for OpenWrt. Am I missing something?

...Kevin

RItalMan wrote:

maybe the openvpn documentation will help you

http://www.openvpn.net

You have to copy the certs from another machine, or copy the scripts to create the certs from another machine. I have done both. If you want to create the certs on openwrt, you have to install a few supporting packages: mini-perl, openssl-full, openssl-util, etc. I can't remember exactly how I did it, but it wasn't too hard to figure out.

For me, the hard part was understanding how certs work in general...

edit: typos

(Last edited by netprince on 12 Dec 2005, 15:54)

I think I did a more or less similar setup to the one you are planning just recently. For most parts I followed this howto http://p3f.gmxhome.de/OpenWRT/Configure-OpenVPN.html and adjusted some minor parts like the device names to my version of the hardware, the firewall to something between RC4 and that described in the howto, or the OpenVPN config to use just 1 port for different clients.

For the keys it is possible to do that on the router (as described above) but I found it much easier and faster to do it outside using the easy-rsa scripts and the howto on http://www.openvpn.net and scp the keys to the router.

jpa
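
The off-router approach described in the posts above, sketched with plain `openssl` as an added example; it is not part of the original thread and is not the easy-rsa scripts themselves. The CA name, the `server`/`client1` names, the file names and the helper functions are all constructed assumptions.

```shell
#!/bin/sh
# Added example: minimal CA + server/client certificates with plain openssl.
# All names (Example-VPN-CA, server, client1) are constructed placeholders.

write_cnf() {  # extension profiles, so a client cert cannot pose as the server
cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[server_ext]
basicConstraints = CA:FALSE
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
[client_ext]
basicConstraints = CA:FALSE
keyUsage = digitalSignature
extendedKeyUsage = clientAuth
EOF
}

issue() {  # issue <name> <extension-section>: key + CSR, then sign with the CA
  openssl req -new -config pki.cnf -newkey rsa:2048 -nodes \
    -keyout "$1.key" -out "$1.csr" -subj "/CN=$1" 2>/dev/null &&
  openssl x509 -req -in "$1.csr" -CA ca.crt -CAkey ca.key -CAcreateserial \
    -out "$1.crt" -days 3650 -sha256 -extfile pki.cnf -extensions "$2" 2>/dev/null
}

build_pki() {  # build_pki <dir>: run on a workstation, not on the router
  ( umask 077; mkdir -p "$1" && cd "$1" && write_cnf &&
    openssl req -x509 -config pki.cnf -extensions ca_ext -newkey rsa:2048 \
      -nodes -keyout ca.key -out ca.crt -subj "/CN=Example-VPN-CA" \
      -days 3650 -sha256 2>/dev/null &&
    issue server server_ext &&
    issue client1 client_ext )
}

check_cert() {  # check_cert <dir> <purpose> <cert>: chain and purpose check
  openssl verify -CAfile "$1/ca.crt" -purpose "$2" "$1/$3" >/dev/null 2>&1
}

# Router gets ca.crt, server.crt, server.key; each client gets ca.crt plus
# its own .crt/.key. ca.key stays on the workstation. The server also needs
# DH parameters (openssl dhparam), left out here because generation is slow.
if [ -n "${1:-}" ]; then build_pki "$1"; fi
```

Run it as `sh build_pki.sh ./keys`, then copy only the router's three files across with scp as described above.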

The discussion might have continued from here.