Difference between revisions of "OpenVPN-Setup"

From OpenPLi Wiki
(Created page with "This is an experimental setup, using the command line, so please report any error or problems here in the [https://forums.openpli.org/topic/47406-build-a-server-vpn-with-openv...")
 
Line 1: Line 1:
 
This is an experimental setup, using the command line, so please report any error or problems here in the [https://forums.openpli.org/topic/47406-build-a-server-vpn-with-openvpn-create-certificate-files-configure-client-side/#entry650397<span style="color:SteelBlue">Forum</span>]
 
This is an experimental setup, using the command line, so please report any error or problems here in the [https://forums.openpli.org/topic/47406-build-a-server-vpn-with-openvpn-create-certificate-files-configure-client-side/#entry650397<span style="color:SteelBlue">Forum</span>]
  
#Install openvpn using the command line  
+
# Install openvpn using the command line  
  
 
  opkg install openvpn
 
  opkg install openvpn
  
#Create files ca.crt, server.crt, server.key, same files for clients, client.crt, client.key, following this [https://community.openvpn.net/openvpn/wiki/Easy_Windows_Guide<span style="color:SteelBlue">link</span>]  
+
# Create files ca.crt, server.crt, server.key, same files for clients, client.crt, client.key, following this [https://community.openvpn.net/openvpn/wiki/Easy_Windows_Guide<span style="color:SteelBlue">link</span>]  
  
  
#all files have to be .pem extension. Let's to convert the files, so follow this [https://blog.didiers...ssl-on-windows/<span style="color:SteelBlue">guide</span>]  
+
# All files have to be .pem extension. Let's to convert the files, so follow this [https://blog.didiers...ssl-on-windows/<span style="color:SteelBlue">guide</span>]  
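Review bot: The link in the third list item still targets `https://blog.didiers...ssl-on-windows/`, a URL with its middle elided, so it cannot resolve; replace it with the guide's full address. Adding a space after `#` also does not fix the numbering: the indented `opkg install openvpn` line and the blank lines between the items end the list each time, so every step restarts at 1. Keep the `#` items contiguous and put the command on a `#:` continuation line.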
  
  

Revision as of 10:38, 27 January 2019

This is an experimental setup, using the command line, so please report any errors or problems in the Forum.

  1. Install openvpn using the command line:

  opkg install openvpn

  2. Create the files ca.crt, server.crt and server.key, and the matching client files client.crt and client.key, following this link (https://community.openvpn.net/openvpn/wiki/Easy_Windows_Guide).

  3. All files must have the .pem extension. To convert them, follow this guide until you have finished these last three steps:

  set RANDFILE=c:\demo\.rnd
  set OPENSSL_CONF=C:\OpenSSL-Win32\bin\openssl.cfg
  c:\OpenSSL-Win32\bin\openssl.exe

Now, at the OpenSSL prompt, you can convert the server's .crt and .key files to .pem, to be placed on the STB in /etc/openvpn/:

  OpenSSL> x509 -in filename.crt -inform DER -out filename.crt.pem -outform PEM
  OpenSSL> rsa -in filename.key -out filename.key.pem -outform PEM

For the ca.crt file, open the certificate in Windows, select the Details tab > Copy to File > binary DER X.509, and choose a destination folder to save it.

Then convert the resulting ca.cer file to a .pem file:

  OpenSSL> x509 -inform DER -in ca.cer -outform PEM -out ca.pem

All these conversions to the .pem extension are based on the openvpn --help output of the openvpn binary installed on our STB; they may not be necessary.


dh2048.pem must also be placed in the openvpn config directory, /etc/openvpn.


I add two extra .pem files to the directory, 01.pem and 02.pem. They were generated when the files were created and contain key info; I don't know if there is duplication of information.


Now put the server config parameters in /etc/openvpn/server.conf:

  local 192.168.xxx.xxx          # local network IP
  server 10.8.0.0 255.255.255.0  # for example
  tls-server
  proto udp
  port 443                       # sample port
  dev tun
  ca ca.pem
  dh dh2048.pem
  cert server.crt.pem
  key server.key.pem
  extra-certs 01.pem
  extra-certs 02.pem
  ifconfig-pool-persist ipp.txt
  comp-lzo
  float
  ping-timer-rem
  persist-key
  persist-tun
  status openvpn-status.log
  log openvpn.log
  verb 3
  keepalive 10 120

Client profile, *.ovpn (tested with the Android OpenVPN app):

  client
  dev tun
  proto udp
  remote 'hostname(NOIP) or Public IP' 443   # sample port
  resolv-retry infinite
  nobind
  persist-key
  persist-tun
  mute-replay-warnings
  ca /file_path/ca.crt
  cert /file_path/client.crt
  key /file_path/client.key
  ns-cert-type server
  cipher bf-cbc
  comp-lzo
  verb 3
  mute 20
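The server config and client profile above use three directives that later OpenVPN releases deprecate or warn about: comp-lzo, cipher bf-cbc and ns-cert-type. The shell function below is an added example, not part of the original wiki page, that flags them in a config file; the function names, the sample profile and its remote host name are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag legacy directives in an OpenVPN server.conf or .ovpn profile.
# audit_ovpn FILE prints one finding per line; returns 0 if clean, 1 if anything is flagged.
audit_ovpn() {
    awk '
    function report(msg) { printf "%s:%d: %s\n", FILENAME, FNR, msg; found = 1 }
    { sub(/[#;].*/, "") }      # drop comments
    NF == 0 { next }           # skip blank lines
    $1 == "comp-lzo" {
        report("comp-lzo: compression leaks plaintext via packet sizes (VORACLE); remove on both ends")
    }
    $1 == "cipher" && tolower($2) ~ /^(bf|des|des-ede3|cast5)-/ {
        report("cipher " $2 ": 64-bit block cipher (SWEET32); prefer AES-256-GCM on OpenVPN 2.4+")
    }
    $1 == "ns-cert-type" {
        report("ns-cert-type: deprecated; use remote-cert-tls " $2)
    }
    END { exit found + 0 }
    ' "$1"
}

# Constructed sample: directives taken from the client profile above, placeholder remote.
write_sample_profile() {
    cat > "$1" <<'EOF'
client
dev tun
proto udp
remote vpn.example.invalid 443
ca ca.crt
cert client.crt
key client.key
ns-cert-type server   # legacy server-certificate check
cipher bf-cbc
comp-lzo
verb 3
EOF
}

sample="${TMPDIR:-/tmp}/audit-sample.ovpn"
write_sample_profile "$sample"
audit_ovpn "$sample" || echo "legacy directives found in $sample"
```

Run it against both /etc/openvpn/server.conf and the client profile, since compression and cipher settings have to be changed on both ends together.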

The port used for the VPN connection must of course be open, and you can forward a different external port to it if you prefer.


Happy VPN connection.