I want to create certificate for use openvpn in multi-client user server mode, but i don't know how do that in openwrt.

i usually used in linux distro this in /usr/local/openvpn-2.0/easy-rsa:

cd  /usr/local/openvpn-2.0/easy-rsa
vi vars
./clean-all
./build-ca (original certificate)
./build-key-server server (server certificate -- it creates file server.crt)
./build-dh (Diffie Hellman parameters)
openvpn --genkey --secret ta.key

but in openwrt i can't find them!

how can i do? i tryed with openssl...is it right?

this is my config file:

root@OpenWrt:~# cat /etc/openvpn/openvpn.conf
port 1194
proto udp
dev tun
ca /etc/openvpn/cert/ca.crt
cert /etc/openvpn/cert/server.crt
key /etc/openvpn/keys/internet_lan.key
dh /etc/openvpn/cert/dh1024.pem
server 192.168.253.0 255.255.255.0
#ifconfig-pool-persist ipp.txt
client-config-dir /etc/openvpn/client
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
verb 3

How can i make these certificates?
ca /etc/openvpn/cert/ca.crt
cert /etc/openvpn/cert/server.crt
key /etc/openvpn/keys/internet_lan.key
dh /etc/openvpn/cert/dh1024.pem

(Last edited by Giammin on 15 Dec 2005, 14:18)

It is possible and openssl is the right way, but I find it much simpler to create the certificates outside openwrt and scp them to the router, since normally there ahre no easy-rsa scripts in openwrt. Some tips for OpenVPN in servermode for multiple clients and certificate creation in openwrt are in theis thread:
http://forum.openwrt.org/viewtopic.php?id=3651

jpa

Thank you!
i think too that is better and faster to create them by a linux box.
i have to resume my old linuxbox!

I know its an old post - however I was searching for this answer today so thought i might dig it up.
The easiest way to fix this is:

ipkg install openvpn-easy-rsa

Then the tools you require will be at your disposal from the /etc/easy-rsa folder.

Cheers
Dangerzau