Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
technical:openvpn_setup [2018/12/03 08:52] – [Generate Certificates & Keys for Clients] bobtechnical:openvpn_setup [2018/12/20 13:18] (current) – [Generate the master Certificate Authority (CA) certificate & key] bob
Line 47: Line 47:
 ==== Generate the master Certificate Authority (CA) certificate & key ==== ==== Generate the master Certificate Authority (CA) certificate & key ====
  
-Use easy-rsa 2, a set of scripts which is bundled with OpenVPN. With the Windows OpenVPN client open up a Command Prompt window with administrative privileges and cd to c:\Program Files\OpenVPN\easy-rsa. Run the following batch file to copy configuration files into place (this will overwrite any preexisting vars.bat and openssl.cnf files):+Use easy-rsa 2, a set of scripts which is bundled with OpenVPN. With the Windows OpenVPN client open up a Command Prompt window with administrative privileges and cd to c:\Program Files\OpenVPN\easy-rsa. Run the following batch file to copy configuration files into place (this will overwrite any preexisting vars.bat and openssl.cnf files). Skip this if you already have vars.bat setup the way you like it. :
  
 <code>init-config</code> <code>init-config</code>
Line 79: Line 79:
 </code> </code>
  
 +Substitute "-enddate YYMMDDHHMMSSZ" to specify an end date instead.
  
 The final command (build-ca) will build the certificate authority (CA) certificate and key by invoking the interactive openssl command. My certificate looked like: The final command (build-ca) will build the certificate authority (CA) certificate and key by invoking the interactive openssl command. My certificate looked like:
Line 303: Line 304:
 [[https://wiki.dd-wrt.com/wiki/index.php/OpenVPN_Remote_Access_by_Static_Key_%28The_Simple_Way%29|OpenVPN Remote Access By Static Key (The Simple Way)]] [[https://wiki.dd-wrt.com/wiki/index.php/OpenVPN_Remote_Access_by_Static_Key_%28The_Simple_Way%29|OpenVPN Remote Access By Static Key (The Simple Way)]]
  
-To avoid IP address conflicts in a routed configuration:+Here is another great article on setting up a [[https://advancedhomeserver.com/dd-wrt-and-openvpn-part-3/|home OpenVPN server]]. 
 + 
 +When using tunneling mode, to avoid IP address conflicts in a routed configuration:
  
   * the private LAN IP subnet   * the private LAN IP subnet
Line 309: Line 312:
   * the remote LAN subnet   * the remote LAN subnet
  
-must all be different from each other.+must all be different from each other. I used bridge mode and avoided all the routing stuff.
  
 Choose subnets for the private LAN and the VPN that are unlikely to conflict. I chose 192.168.100.x for my home LAN. Choose subnets for the private LAN and the VPN that are unlikely to conflict. I chose 192.168.100.x for my home LAN.
Line 315: Line 318:
 ==== Customizable Web Page Setup Parameters ==== ==== Customizable Web Page Setup Parameters ====
  
-  * DD-WRT default settings in {}  +<WRAP center round tip 80%> 
-  * OpenVPN config example in []+Settings are stored in NVRAM which is limited in size. Only store the PEM version of keys and certs to save space. If there isn't enough space in NVRAM some of these settings will mysteriously disappear after saving. 
 +</WRAP>
  
 ^  Setting  ^ Description ^ Default ^ ^  Setting  ^ Description ^ Default ^