Merlin 374.43 AC66u OpenVpn help

5mall5nail5

Regular Contributor
Hey guys, so I flashed my AC66u this evening - all is good. But I am trying to set up OpenVPN and having some issues. Firstly - does the firmware generate the OpenVPN config file (ovpn)?

Secondly, I have this error:

OpenVPN server failed to start! Check your configuration, then try disabling and re-enabling it. (Error code: 0)

I am super tired so I might just be looking past something, but here's my settings:

Merlin OpenVPN settings by Jon Kensy, on Flickr

Saw this in logs:

Jul 22 20:28:25 openvpn[6020]: OpenVPN 2.3.4 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jun 6 2014
Jul 22 20:28:25 openvpn[6020]: library versions: OpenSSL 1.0.0m 5 Jun 2014, LZO 2.06
Jul 22 20:28:25 openvpn[6020]: PLUGIN_INIT: POST /usr/lib/openvpn-plugin-auth-pam.so '[/usr/lib/openvpn-plugin-auth-pam.so] [openvpn]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
Jul 22 20:28:25 openvpn[6020]: Diffie-Hellman initialized with 512 bit key
Jul 22 20:28:25 openvpn[6020]: WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate
Jul 22 20:28:25 openvpn[6020]: Cannot load certificate file server.crt: error:0906D06C:PEM routines:PEM_read_bio:no start line: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
Jul 22 20:28:25 openvpn[6020]: Exiting due to fatal error
Jul 22 20:28:38 kernel: DROP <4>DROP IN=eth0 OUT=eth0 <1>SRC=93.180.5.26 DST=10.0.0.2 <1>LEN=60 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=UDP <1>SPT=40608 DPT=53 LEN=40

Thanks all!
 
After you turn on the OpenVPN server there should be a spot to click that says export. That will give you a .ovpn file with randomly generated certs. Or you could set up your own certs and then export it. I've done it both ways and have it working. If the default certs aren't working for you, I would say do a factory reset and try again.
 
If you do it the way you mentioned and allow the router to create the ovpn file and therefore have an all in one solution in one file, how secure is this in comparison to going through the whole process of making your own ca, server and client cert(s)?
 

More secure than PPTP, but not as secure as using your own certificates. The bitsize is a bit lower (so it might take years instead of decades to crack it perhaps?), and it will share the same certificate between all clients (while do-it-yourself solutions usually have you create a separate client certificate for every client that has to connect).

I'd say secure enough for using at home, not secure enough for using in a commercial/business environment.
 
Thanks Merlin.

I have 2 external people who are family and friends who hook into my network from their home PCs so they can then access my NAS for grabbing family photos, so I think that using the self-generated cert would probably work fine.

At the end of the day it is more secure than opening up ports for FTP on the router and then having a u/n and p/w which is how I used to do it.

To date I haven't done it but I think I would enable the u/n and p/w as well for that extra bit of security rather than just the certs themselves.

Cheers
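
An added example, not part of the thread or of the firmware: a small triage of the OpenVPN startup messages, run over log lines copied from the first post, that separates the fatal certificate-load error from the weak-setting warnings discussed in the replies. The 2048-bit Diffie-Hellman floor and the function name `triage` are assumptions of this example.

```python
import re

# Log lines copied from the first post in this thread (syslog prefix kept).
SAMPLE_LOG = """\
Jul 22 20:28:25 openvpn[6020]: Diffie-Hellman initialized with 512 bit key
Jul 22 20:28:25 openvpn[6020]: WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate
Jul 22 20:28:25 openvpn[6020]: Cannot load certificate file server.crt: error:0906D06C:PEM routines:PEM_read_bio:no start line: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
Jul 22 20:28:25 openvpn[6020]: Exiting due to fatal error
Jul 22 20:28:38 kernel: DROP <4>DROP IN=eth0 OUT=eth0 <1>SRC=93.180.5.26 DST=10.0.0.2 <1>LEN=60 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=UDP <1>SPT=40608 DPT=53 LEN=40
"""

MIN_DH_BITS = 2048  # assumed policy floor for this example, not a value from the thread

OPENVPN_LINE = re.compile(r"openvpn\[\d+\]: (?P<msg>.*)$")
DH_BITS = re.compile(r"Diffie-Hellman initialized with (\d+) bit key")
CERT_LOAD = re.compile(r"Cannot load (?P<kind>[\w ]+?) file (?P<path>\S+?): (?P<err>.*)")


def triage(log_text, min_dh_bits=MIN_DH_BITS):
    """Return (severity, finding) tuples for OpenVPN daemon lines only."""
    findings = []
    for line in log_text.splitlines():
        m = OPENVPN_LINE.search(line)
        if not m:
            continue  # e.g. the kernel firewall DROP line is unrelated to the VPN
        msg = m.group("msg")
        if (dh := DH_BITS.search(msg)) and int(dh.group(1)) < min_dh_bits:
            findings.append(("weak", f"DH parameters are {dh.group(1)} bits (< {min_dh_bits})"))
        if "--client-cert-not-required" in msg:
            findings.append(("weak", "clients are not required to present a certificate"))
        if (c := CERT_LOAD.search(msg)):
            if "no start line" in c.group("err"):
                # OpenSSL found no '-----BEGIN ...-----' line in the file
                why = "has no '-----BEGIN' PEM header (empty or not PEM)"
            else:
                why = "could not be parsed"
            findings.append(("fatal", f"{c.group('kind')} {c.group('path')} {why}"))
    return findings


if __name__ == "__main__":
    for severity, finding in triage(SAMPLE_LOG):
        print(f"[{severity}] {finding}")
```
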
 
