OpenVPN ca.key stored?

Rooby

Regular Contributor
Hello

I just looked at the /jffs/openvpn/ folder and I found a vpn_crt_server1_ca_key file.
I also found ca.key in /etc/openvpn/server1/
But ca.key should never be stored on the router, only the ca.crt.

Also there is a vpn_crt_server_client_crt and vpn_crt_server_client_key file. But I have not enabled any OpenVPN client on the router.

Are these files filled with random values? Are they somehow used?

Rooby
 
If you let the router automatically generate a CA for you, then it will need to generate a key before it can generate the self-signed CA (which will be used to sign the server certificate).

I assume Asus preserves these files because, since they are auto-generated, they can't be stored anywhere else without user intervention, and the user might need them if he were to expand the default configuration into one involving client certificates.

If you need to tighten security, then my recommendation would be to not rely on the auto-generated files, and generate everything yourself using Easy-RSA or otherwise. Then you can keep only what is really necessary on your router, and move the rest elsewhere.
 
Thanks RMerlin.
I do my keys anyway by myself. So you mean I can delete the ones which are not used?
 
Yes, tho they shouldn't have any impact anyway if they aren't used.
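
Added example, not part of the thread and not Asus or Asuswrt-Merlin code: a small shell audit that classifies the files under the OpenVPN directories by the PEM blocks they contain, so a CA private key left on the router stands out and empty placeholder files are told apart from real key material. The `ca.key` and `*_ca_key` name patterns come from the files named in the question; treating them as CA keys is a filename heuristic, and the sample directory is constructed.

```shell
#!/bin/sh
# Audit OpenVPN directories for stored key material (added example).

classify_file() {
    # Print one class for a file, based on the PEM header it contains.
    f=$1
    name=$(basename "$f")
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f" 2>/dev/null; then
        case "$name" in
            # Assumption: these names (taken from the thread) hold the CA key.
            ca.key|*_ca_key) echo "CA-PRIVATE-KEY" ;;
            *)               echo "PRIVATE-KEY" ;;
        esac
    elif grep -q -e '-----BEGIN CERTIFICATE-----' "$f" 2>/dev/null; then
        echo "CERTIFICATE"
    elif [ ! -s "$f" ]; then
        echo "EMPTY"
    else
        echo "OTHER"
    fi
}

audit_vpn_dir() {
    # Print "<class> <path>" for every regular file under each directory.
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -type f | sort | while IFS= read -r f; do
            printf '%s %s\n' "$(classify_file "$f")" "$f"
        done
    done
}

count_ca_keys() {
    # Number of CA private keys found; grep -c exits 1 on zero matches.
    audit_vpn_dir "$@" | grep -c '^CA-PRIVATE-KEY ' || true
}

make_sample() {
    # Constructed stand-ins: PEM header lines only, no real key material.
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN PRIVATE KEY-----'     > "$d/vpn_crt_server1_ca_key"
    printf '%s\n' '-----BEGIN CERTIFICATE-----'     > "$d/vpn_crt_server_client_crt"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' > "$d/server.key"
    : > "$d/vpn_crt_server_client_key"
    echo "$d"
}

# Usage: sh audit.sh /jffs/openvpn /etc/openvpn/server1
if [ "$#" -gt 0 ]; then audit_vpn_dir "$@"; fi
```

Any file reported as `CA-PRIVATE-KEY` is the one to move off the router once the server certificate has been signed; `EMPTY` entries contain no key material at all.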
 