OpenWrt Forum Archive

Topic: Create Custom Firmware with OpenVpn

The content of this topic has been archived on 8 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Post #1
Samantha81
19 Jul 2017, 22:57

Hi all,
someone can help me about this:

Thanks in advance

Target:
redirect my PCs traffics into vpn tunnel

           +-[OpenWrt router]-------+
           |                                           |
           |          +[Wifi-LAN]-------+    |
pc1,pc2---+--| IP: 192.168.1.1 |     |
           |            +------------------+     |
           |                                           |
           |  +[OpenVPN client  ]+       |   +-[OpenVPN server  ]----+
           |   |                             |         |      | Public IP: x.x.x.x  | 
           |   | Iface: tun0           |    --+---    |                              |
           |   | IP: 10.2.1.6          |         |      +-----------------------+ 
           |      +------------------+           |
           |                                           |   

Problem:

i need create a custom firmware, but i don't know how sad

i saw this but it is a little difficult

wiki.openwrt.org/doc/howto/obtain.firmware.generate

or

ohnomoregadgets.wordpress.com/2013/08/20/building-minimal-openwrt-firmware-images/

it seem simple but i dont understand how add packeges sad


TP-Link TL-MR3420 v1

TL-MR3420
v1
15.05
s://downloads.openwrt.org/chaos_calmer/15.05.1/ar71xx/generic/openwrt-15.05.1-ar71xx-generic-tl-mr3420-v1-squashfs-factory.bin
s://downloads.openwrt.org/chaos_calmer/15.05.1/ar71xx/generic/openwrt-15.05.1-ar71xx-generic-tl-mr3420-v1-squashfs-sysupgrade.bin

           

root@OpenWrt:~# df -h
Filesystem                Size      Used Available Use%     Mounted on
rootfs                          512.0K    220.0K        292.0K      43% /
/dev/root                     2.3M      2.3M             0         100% /rom
tmpfs                        14.0M      1.1M         12.9M       8% /tmp
tmpfs                        14.0M     44.0K         13.9M       0% /tmp/root
tmpfs                       512.0K         0            512.0K       0% /dev
/dev/mtdblock3          512.0K    220.0K        292.0K      43% /overlay
overlayfs:/overlay      512.0K    220.0K        292.0K      43% /

i need add those packages ?

openvpn-openssl - 2.3.6-5 - Open source VPN solution using OpenSSL
openvpn-easy-rsa - 2013-01-30-2 - Simple shell scripts to manage a Certificate Authority
luci-app-openvpn - git-16.018.33482-3201903-1 - LuCI Support for OpenVPN
luci-i18n-openvpn-en - git-16.018.33482-3201903-1 - Translation for luci-app-openvpn - English

or those ?

openvpn-openssl_2.3.6-5_ar71xx.ipk
kmod-tun_3.18.23-1_ar71xx.ipk
liblzo_2.08-1_ar71xx.ipk
libopenssl_1.0.2g-1_ar71xx.ipk
zlib_1.2.8-1_ar71xx.ipk

root@OpenWrt:~# opkg install openvpn-openssl
Installing openvpn-openssl (2.3.6-5) to root...
Downloading ://downloads.openwrt.org/chaos_calmer/15.05.1/ar71xx/generic/packages/base/openvpn-openssl_2.3.6-5_ar71xx.ipk.[/url]
Installing kmod-tun (3.18.23-1) to root...
Downloading downloads.openwrt.org/chaos_calmer/15.05.1/ar71xx/generic/packages/base/kmod-tun_3.18.23-1_ar71xx.ipk.
Installing liblzo (2.08-1) to root...
Downloading downloads.openwrt.org/chaos_calmer/15.05.1/ar71xx/generic/packages/base/liblzo_2.08-1_ar71xx.ipk.[/url]
Installing libopenssl (1.0.2g-1) to root...
Configuring kmod-tun.
Configuring liblzo.
Collected errors:
 * verify_pkg_installable: Only have 228kb available on filesystem /overlay, pkg libopenssl needs 676
 * opkg_install_cmd: Cannot install package openvpn-openssl.

[b]#opkg list-installed[/b]

base-files - 157.2-r48532
busybox - 1.23.2-1
dnsmasq - 2.73-1
dropbear - 2015.67-1
firewall - 2015-07-27
fstools - 2016-01-10-96415afecef35766332067f4205ef3b2c7561d21
hostapd-common - 2015-03-25-1
ip6tables - 1.4.21-1
iptables - 1.4.21-1
iw - 3.17-1
jshn - 2015-11-08-10429bccd0dc5d204635e110a7a8fae7b80d16cb
jsonfilter - 2014-06-19-cdc760c58077f44fc40adbbe41e1556a67c1b9a9
kernel - 3.18.23-1-b2f200610f46d20ef52d269421369d0c
kmod-ath - 3.18.23+2015-03-09-3
kmod-ath9k - 3.18.23+2015-03-09-3
kmod-ath9k-common - 3.18.23+2015-03-09-3
kmod-cfg80211 - 3.18.23+2015-03-09-3
kmod-crypto-aes - 3.18.23-1
kmod-crypto-arc4 - 3.18.23-1
kmod-crypto-core - 3.18.23-1
kmod-gpio-button-hotplug - 3.18.23-1
kmod-ip6tables - 3.18.23-1
kmod-ipt-conntrack - 3.18.23-1
kmod-ipt-core - 3.18.23-1
kmod-ipt-nat - 3.18.23-1
kmod-ipv6 - 3.18.23-1
kmod-ledtrig-usbdev - 3.18.23-1
kmod-lib-crc-ccitt - 3.18.23-1
kmod-mac80211 - 3.18.23+2015-03-09-3
kmod-nf-conntrack - 3.18.23-1
kmod-nf-conntrack6 - 3.18.23-1
kmod-nf-ipt - 3.18.23-1
kmod-nf-ipt6 - 3.18.23-1
kmod-nf-nat - 3.18.23-1
kmod-nf-nathelper - 3.18.23-1
kmod-nls-base - 3.18.23-1
kmod-ppp - 3.18.23-1
kmod-pppoe - 3.18.23-1
kmod-pppox - 3.18.23-1
kmod-slhc - 3.18.23-1
kmod-usb-core - 3.18.23-1
kmod-usb2 - 3.18.23-1
libblobmsg-json - 2015-11-08-10429bccd0dc5d204635e110a7a8fae7b80d16cb
libc - 0.9.33.2-1
libgcc - 4.8-linaro-1
libip4tc - 1.4.21-1
libip6tc - 1.4.21-1
libiwinfo - 2015-06-01-ade8b1b299cbd5748db1acf80dd3e9f567938371
libiwinfo-lua - 2015-06-01-ade8b1b299cbd5748db1acf80dd3e9f567938371
libjson-c - 0.12-1
libjson-script - 2015-11-08-10429bccd0dc5d204635e110a7a8fae7b80d16cb
liblua - 5.1.5-1
libnl-tiny - 0.1-4
libubox - 2015-11-08-10429bccd0dc5d204635e110a7a8fae7b80d16cb
libubus - 2015-05-25-f361bfa5fcb2daadf3b160583ce665024f8d108e
libubus-lua - 2015-05-25-f361bfa5fcb2daadf3b160583ce665024f8d108e
libuci - 2015-08-27.1-1
libuci-lua - 2015-08-27.1-1
libxtables - 1.4.21-1
lua - 5.1.5-1
luci - git-16.018.33482-3201903-1
luci-app-firewall - git-16.018.33482-3201903-1
luci-base - git-16.018.33482-3201903-1
luci-lib-ip - git-16.018.33482-3201903-1
luci-lib-nixio - git-16.018.33482-3201903-1
luci-mod-admin-full - git-16.018.33482-3201903-1
luci-proto-ipv6 - git-16.018.33482-3201903-1
luci-proto-ppp - git-16.018.33482-3201903-1
luci-theme-bootstrap - git-16.018.33482-3201903-1
mtd - 21
netifd - 2015-12-16-245527193e90906451be35c2b8e972b8712ea6ab
odhcp6c - 2015-07-13-024525798c5f6aba3af9b2ef7b3af2f3c14f1db8
odhcpd - 2015-11-19-01d3f9d64486ac1daa144848944e877e7f0cb762
opkg - 9c97d5ecd795709c8584e972bfdf3aee3a5b846d-9
ppp - 2.4.7-6
ppp-mod-pppoe - 2.4.7-6
procd - 2015-10-29.1-d5fddd91b966424bb63e943e789704d52382cc18
rpcd - 2015-01-10-f00890cd6eb47ad9bb5da0fb6c50aedc8406e7c5
swconfig - 10
uboot-envtools - 2014.10-2
ubox - 2015-11-22-c086167a0154745c677f8730a336ea9cf7d71031
ubus - 2015-05-25-f361bfa5fcb2daadf3b160583ce665024f8d108e
ubusd - 2015-05-25-f361bfa5fcb2daadf3b160583ce665024f8d108e
uci - 2015-08-27.1-1
ud - 2015-11-08-fe01ef3f52adae9da38ef47926cd50974af5d6b7
ud-mod-ubus - 2015-11-08-fe01ef3f52adae9da38ef47926cd50974af5d6b7
usign - 2015-05-08-cf8dcdb8a4e874c77f3e9a8e9b643e8c17b19131
wpad-mini - 2015-03-25-1

i tried to install into ram

root@OpenWrt:~# opkg install openvpn-openssl -d ram
Installing openvpn-openssl (2.3.6-5) to ram...
Downloading ://downloads.openwrt.org/chaos_calmer/15.05.1/ar71xx/generic/packages/base/openvpn-openssl_2.3.6-5_ar71xx.ipk.[/url]
Installing kmod-tun (3.18.23-1) to ram...
Downloading ://downloads.openwrt.org/chaos_calmer/15.05.1/ar71xx/generic/packages/base/kmod-tun_3.18.23-1_ar71xx.ipk.[/url]
Installing liblzo (2.08-1) to ram...
Downloading ://downloads.openwrt.org/chaos_calmer/15.05.1/ar71xx/generic/packages/base/liblzo_2.08-1_ar71xx.ipk.[/url]
Installing libopenssl (1.0.2g-1) to ram...
Downloading ://downloads.openwrt.org/chaos_calmer/15.05.1/ar71xx/generic/packages/base/libopenssl_1.0.2g-1_ar71xx.ipk.[/url]
Installing zlib (1.2.8-1) to ram...
Downloading ://downloads.openwrt.org/chaos_calmer/15.05.1/ar71xx/generic/packages/base/zlib_1.2.8-1_ar71xx.ipk.[/url]
Configuring kmod-tun.
grep: /usr/lib/opkg/info/kmod-tun.control: No such file or directory
cat: can't open '/usr/lib/opkg/info/kmod-tun.list': No such file or directory
Configuring liblzo.
grep: /usr/lib/opkg/info/liblzo.control: No such file or directory
cat: can't open '/usr/lib/opkg/info/liblzo.list': No such file or directory
Configuring zlib.
grep: /usr/lib/opkg/info/zlib.control: No such file or directory
cat: can't open '/usr/lib/opkg/info/zlib.list': No such file or directory
Configuring libopenssl.
grep: /usr/lib/opkg/info/libopenssl.control: No such file or directory
cat: can't open '/usr/lib/opkg/info/libopenssl.list': No such file or directory
Configuring openvpn-openssl.
grep: /usr/lib/opkg/info/openvpn-openssl.control: No such file or directory
cat: can't open '/usr/lib/opkg/info/openvpn-openssl.list': No such file or directory

System
Hostname
OpenWrt
Model
TP-Link TL-MR3420 v1
Firmware Version
OpenWrt Chaos Calmer 15.05.1 / LuCI 15.05-149-g0d8bbd2 Release (git-15.363.78009-956be55)
Kernel Version
3.18.23

Post #2
jpricacho27
19 Jul 2017, 23:33

check out this link it works on my TP-Link WR841N V5 router

https://tokyobreeze.wordpress.com/2015/ … flash/amp/

basically you cannot install or even download libonpenssl package because you wont have enough sapace on your flash. so you can only install kmod-tun, liblzo and zlib additionally using luci webui and install libopenssl and openvpn-openssl on your ram with the link i gave you. goodluck.

(Last edited by jpricacho27 on 19 Jul 2017, 23:37)

Post #3
Samantha81
20 Jul 2017, 08:48
jpricacho27 wrote:

check out this link it works on my TP-Link WR841N V5 router

tokyobreeze.wordpress.com/2015/01/15/install-openvpn-in-a-router-with-4mb-flash/amp/

basically you cannot install or even download libonpenssl package because you wont have enough sapace on your flash. so you can only install kmod-tun, liblzo and zlib additionally using luci webui and install libopenssl and openvpn-openssl on your ram with the link i gave you. goodluck.

thank you very much for your replay smile

i'm thinking, i need to skip some steps(3,5,8 partially,12) if i have only a  .ovpn profile?

like this :

client
dev tun
proto tcp
sndbuf 0
rcvbuf 0
remote x.x.x.x 443
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
comp-lzo
setenv opt block-outside-dns
key-direction 1
verb 3
<ca>
-----BEGIN CERTIFICATE-----
.....
-----END CERTIFICATE-----
</ca>
<cert>
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 46 (0x2e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ChangeMe
        Validity
            Not Before: Jul xx 22:18:12 20xx GMT
            Not After : Jul xx 22:18:12 20xx GMT
        Subject: CN=xxx
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    x:x:x:x:xx:x:x:x:xx:x:x:x:x
                    x:x:x:x:xvx:x:x:x:xx:x:x:x:
                    x:x:x:x:xx:x:x:x:xx:x:x:x:x
                    x:x:x:x:xx:x:x:x:xx:x:x:x:x
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Subject Key Identifier: 
                21:x:x:x:x:xx:x:x:x:xx:x:x:x:xx:x:x:x:x
            X509v3 Authority Key Identifier: 
                keyid:x:x:x:x:xx:x:x:x:xx:x:x:x:xv
                DirName:/CN=xxx
                serial:x:x:x:x:x

            X509v3 Extended Key Usage: 
                TLS Web Client Authentication
            X509v3 Key Usage: 
                Digital Signature
    Signature Algorithm: sha256WithRSAEncryption
         x:x:x:x:xx:x:x:x:xx:x:x:x:xx:x:x:x:xx:x:x:x:x
         x:x:x:x:xx:x:x:x:xx:x:x:x:xx:x:x:x:xx:x:x:x:x
         x:x:x:x:xx:x:x:x:xx:x:x:x:xx:x:x:x:xx:x:x:x:x
         x:x:x:x:xx:x:x:x:xx:x:x:x:xx:x:x:x:xx:x:x:x:x
         x:x:x:x:xx:x:x:x:xx:x:x:x:xx:x:x:x:xx:x:x:x:x
-----BEGIN CERTIFICATE-----
.....
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
.......
-----END PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
......
-----END OpenVPN Static key V1-----
</tls-auth>

(Last edited by Samantha81 on 20 Jul 2017, 09:22)

Post #4
jpricacho27
20 Jul 2017, 10:14
Samantha81 wrote:
jpricacho27 wrote:

check out this link it works on my TP-Link WR841N V5 router

tokyobreeze.wordpress.com/2015/01/15/install-openvpn-in-a-router-with-4mb-flash/amp/

basically you cannot install or even download libonpenssl package because you wont have enough sapace on your flash. so you can only install kmod-tun, liblzo and zlib additionally using luci webui and install libopenssl and openvpn-openssl on your ram with the link i gave you. goodluck.

thank you very much for your replay smile

i'm thinking, i need to skip some steps(3,5,8 partially,12) if i have only a  .ovpn profile?

like this :

client
dev tun
proto tcp
sndbuf 0
rcvbuf 0
remote x.x.x.x 443
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
comp-lzo
setenv opt block-outside-dns
key-direction 1
verb 3
<ca>
-----BEGIN CERTIFICATE-----
.....
-----END CERTIFICATE-----
</ca>
<cert>
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 46 (0x2e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ChangeMe
        Validity
            Not Before: Jul xx 22:18:12 20xx GMT
            Not After : Jul xx 22:18:12 20xx GMT
        Subject: CN=xxx
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    x:x:x:x:xx:x:x:x:xx:x:x:x:x
                    x:x:x:x:xvx:x:x:x:xx:x:x:x:
                    x:x:x:x:xx:x:x:x:xx:x:x:x:x
                    x:x:x:x:xx:x:x:x:xx:x:x:x:x
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Subject Key Identifier: 
                21:x:x:x:x:xx:x:x:x:xx:x:x:x:xx:x:x:x:x
            X509v3 Authority Key Identifier: 
                keyid:x:x:x:x:xx:x:x:x:xx:x:x:x:xv
                DirName:/CN=xxx
                serial:x:x:x:x:x

            X509v3 Extended Key Usage: 
                TLS Web Client Authentication
            X509v3 Key Usage: 
                Digital Signature
    Signature Algorithm: sha256WithRSAEncryption
         x:x:x:x:xx:x:x:x:xx:x:x:x:xx:x:x:x:xx:x:x:x:x
         x:x:x:x:xx:x:x:x:xx:x:x:x:xx:x:x:x:xx:x:x:x:x
         x:x:x:x:xx:x:x:x:xx:x:x:x:xx:x:x:x:xx:x:x:x:x
         x:x:x:x:xx:x:x:x:xx:x:x:x:xx:x:x:x:xx:x:x:x:x
         x:x:x:x:xx:x:x:x:xx:x:x:x:xx:x:x:x:xx:x:x:x:x
-----BEGIN CERTIFICATE-----
.....
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
.......
-----END PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
......
-----END OpenVPN Static key V1-----
</tls-auth>

I think step 12 is optional. For steps 3 and 5, you can try to use your own config and see if it would work, if not, just upload the needed ca, cert and key file its only 1kb each file so it would not take that much space after all.

If I may just add, you might want to edit you opkg.conf file and change "lists_dir ext /var/opkg-lists" to "lists_dir ext /tmp/opkg-lists" so that all package list would be updated on your ram too and would not cause not enough space error when updating package list.

(Last edited by jpricacho27 on 20 Jul 2017, 10:16)

Post #5
jpricacho27
20 Jul 2017, 10:54

I just made a custom image for your router.

It is a LEDE Reboot based 17.01.2 build and all packages for openvpn-openssl are installed. Also OpenVPN version is updated than those of Chaos Calmer build.

you can download it here.

https://ufile.io/191st

Post #6
Samantha81
20 Jul 2017, 17:16
jpricacho27 wrote:

I just made a custom image for your router.

It is a LEDE Reboot based 17.01.2 build and all packages for openvpn-openssl are installed. Also OpenVPN version is updated than those of Chaos Calmer build.

you can download it here.

ufile.io/191st

omg thankyou so much smile
i update you when i will install it
thank you again

but now i need to understand how convert this ovpn config( actualy for OpenVPN APP on andoid ) to  work on this release  sad



client
dev tun
proto tcp
sndbuf 0
rcvbuf 0
remote x.x.x.x 443
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
comp-lzo
setenv opt block-outside-dns
key-direction 1
verb 3
<ca>
-----BEGIN CERTIFICATE-----
sadjsdhjksdnkjsdadsndslndasdsnlkdsnlkas
sadjsdhjksdnkjsdadsndslndasdsnlkdsnlkas
sadjsdhjksdnkjsdadsndslndasdsnlkdsnlkas
-----END CERTIFICATE-----
</ca>
<cert>
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 46 (0x2e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=XXXXxxXXXX
        Validity
            Not Before: Jul 13 22:18:12 2017 GMT
            Not After : Jul 11 22:18:12 2027 GMT
        Subject: CN=XXX
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    xx:xx:xxxx:xx:xxxx:xx:xxxx:xx:xx
                    xx:xx:xxxx:xx:xxxx:xx:xxxx:xx:xx
                    xxx:xx:xxxx:xx:xxxx:xx:xxxx:xx:xx
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Subject Key Identifier: 
                xx:xx:xxxx:xx:xxxx:xx:xxxx:xx:xx
            X509v3 Authority Key Identifier: 
                xx:xx:xxxx:xx:xxxx:xx:xxxx:xx:xx
                DirName:/CN=XXX
                xx:xx:xxxx:xx:xxxx:xx:xxxx:xx:xx

            X509v3 Extended Key Usage: 
                TLS Web Client Authentication
            X509v3 Key Usage: 
                Digital Signature
    Signature Algorithm: sha256WithRSAEncryption
         xx:xx:xxxx:xx:xxxx:xx:xxxx:xx:xx
         xx:xx:xxxx:xx:xxxx:xx:xxxx:xx:xx
         xx:xx:xxxx:xx:xxxx:xx:xxxx:xx:xx
-----BEGIN CERTIFICATE-----
xx:xx:xxxx:xx:xxxx:xx:xxxx:xx:xx
xx:xx:xxxx:xx:xxxx:xx:xxxx:xx:xx
xx:xx:xxxx:xx:xxxx:xx:xxxx:xx:xx
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
xx:xx:xxxx:xx:xxxx:xx:xxxx:xx:xx
xx:xx:xxxx:xx:xxxx:xx:xxxx:xx:xx
xx:xx:xxxx:xx:xxxx:xx:xxxx:xx:xx
-----END PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
xx:xx:xxxx:xx:xxxx:xx:xxxx:xx:xx
xx:xx:xxxx:xx:xxxx:xx:xxxx:xx:xx
xx:xx:xxxx:xx:xxxx:xx:xxxx:xx:xx
-----END OpenVPN Static key V1-----
</tls-auth>
Post #7
jpricacho27
21 Jul 2017, 02:19
Samantha81 wrote:
jpricacho27 wrote:

I just made a custom image for your router.

It is a LEDE Reboot based 17.01.2 build and all packages for openvpn-openssl are installed. Also OpenVPN version is updated than those of Chaos Calmer build.

you can download it here.

ufile.io/191st

omg thankyou so much smile
i update you when i will install it
thank you again

but now i need to understand how convert this ovpn config( actualy for OpenVPN APP on andoid ) to  work on this release  sad



client
dev tun
proto tcp
sndbuf 0
rcvbuf 0
remote x.x.x.x 443
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
comp-lzo
setenv opt block-outside-dns
key-direction 1
verb 3
<ca>
-----BEGIN CERTIFICATE-----
sadjsdhjksdnkjsdadsndslndasdsnlkdsnlkas
sadjsdhjksdnkjsdadsndslndasdsnlkdsnlkas
sadjsdhjksdnkjsdadsndslndasdsnlkdsnlkas
-----END CERTIFICATE-----
</ca>
<cert>
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 46 (0x2e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=XXXXxxXXXX
        Validity
            Not Before: Jul 13 22:18:12 2017 GMT
            Not After : Jul 11 22:18:12 2027 GMT
        Subject: CN=XXX
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    xx:xx:xxxx:xx:xxxx:xx:xxxx:xx:xx
                    xx:xx:xxxx:xx:xxxx:xx:xxxx:xx:xx
                    xxx:xx:xxxx:xx:xxxx:xx:xxxx:xx:xx
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Subject Key Identifier: 
                xx:xx:xxxx:xx:xxxx:xx:xxxx:xx:xx
            X509v3 Authority Key Identifier: 
                xx:xx:xxxx:xx:xxxx:xx:xxxx:xx:xx
                DirName:/CN=XXX
                xx:xx:xxxx:xx:xxxx:xx:xxxx:xx:xx

            X509v3 Extended Key Usage: 
                TLS Web Client Authentication
            X509v3 Key Usage: 
                Digital Signature
    Signature Algorithm: sha256WithRSAEncryption
         xx:xx:xxxx:xx:xxxx:xx:xxxx:xx:xx
         xx:xx:xxxx:xx:xxxx:xx:xxxx:xx:xx
         xx:xx:xxxx:xx:xxxx:xx:xxxx:xx:xx
-----BEGIN CERTIFICATE-----
xx:xx:xxxx:xx:xxxx:xx:xxxx:xx:xx
xx:xx:xxxx:xx:xxxx:xx:xxxx:xx:xx
xx:xx:xxxx:xx:xxxx:xx:xxxx:xx:xx
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
xx:xx:xxxx:xx:xxxx:xx:xxxx:xx:xx
xx:xx:xxxx:xx:xxxx:xx:xxxx:xx:xx
xx:xx:xxxx:xx:xxxx:xx:xxxx:xx:xx
-----END PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
xx:xx:xxxx:xx:xxxx:xx:xxxx:xx:xx
xx:xx:xxxx:xx:xxxx:xx:xxxx:xx:xx
xx:xx:xxxx:xx:xxxx:xx:xxxx:xx:xx
-----END OpenVPN Static key V1-----
</tls-auth>

That is simple. Just create a file called ca.ca, cert.cert and key.key and edit each file and paste the code starting from <ca> ending in </ca> in ca.ca file and same with the cert and key file.

Example, the ca.ca file should have this code on it

-----BEGIN CERTIFICATE-----
sadjsdhjksdnkjsdadsndslndasdsnlkdsnlkas
sadjsdhjksdnkjsdadsndslndasdsnlkdsnlkas
sadjsdhjksdnkjsdadsndslndasdsnlkdsnlkas
-----END CERTIFICATE-----

Notice that i have omitted <ca> and </ca> on it just paste from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE----- goodluck

Post #8
Samantha81
21 Jul 2017, 13:00
jpricacho27 wrote:

I just made a custom image for your router.

It is a LEDE Reboot based 17.01.2 build and all packages for openvpn-openssl are installed. Also OpenVPN version is updated than those of Chaos Calmer build.

you can download it here.

ufile.io/191st

I installed it but wi-fi does not seem to work (maybe We have to put some more packages in the firmware) ?

Thanks smile

Post #9
Samantha81
21 Jul 2017, 13:00
jpricacho27 wrote:

I just made a custom image for your router.

It is a LEDE Reboot based 17.01.2 build and all packages for openvpn-openssl are installed. Also OpenVPN version is updated than those of Chaos Calmer build.

you can download it here.

ufile.io/191st

I installed it but wi-fi does not seem to work (maybe We have to put some more packages in the firmware) ?

kmod-ath - 3.18.23+2015-03-09-3
kmod-ath9k - 3.18.23+2015-03-09-3
kmod-ath9k-common - 3.18.23+2015-03-09-3

Thanks smile

(Last edited by Samantha81 on 21 Jul 2017, 13:06)

The discussion might have continued from here.