What's new
By:
SNBForums

This is a sample guest message. Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

OpenVPN - generating additional client keys

W

wayner

Regular Contributor
So I have successfully set up OpenVPN using my router as the server and an iPad as the client.

I want to now set up some additional clients. Following the directions here do I just do the step of generating a new client key? Or do I have to rebuild the dh as well? That step always seems to come last in all OpenVPN tutorials that I have read and I am worried that if I just try to build a client key it will cause problems since that may be required to be done after building all server and client keys.

And when I build the client key what do I use for the common name? Do I use the name that I am putting in the command line, ie ./build-key iPhone1 - so do I now use iPhone one for the common name or do I use the same common name as I used when building the server key?

In addition, when I do the "Export ovpn file" from the Merlin web GUI - how do I know what client is being exported? Or does it matter? Can I use this one ovpn file with multiple clients?
 
when you use build-key whatever, you are just creating the key file names with the name 'whatever'. then you go through the script, just make sure the common name is unique; it will help you identify who/what is connecting in vpn status, too. i also set the 'name' to the common name, and pretty much auto-fill the rest with the script.

the diffie-hellman key is used [edit] to generate a shared secret [/edit] before the real encryption starts. at any time, you can generate a new one and replace the old without affecting any of the other keys, etc. afaik, larger DH keys provide like more possibilities of salts during encryption. too small and i guess there's more collisions/less randomness and the potential for like a quantum computer bruteforcing aes increases, or something to that effect. not an expert, so don't take this for gospel.

i have not used the export feature, but i believe it's designed to generate your basic configs and the keys are added to a folder containing the config, etc. i've only been using INLINE configurations, which i like because it means handling only a single file, but this way each OVPN will be unique to the user/device, thus requiring a bit more work
 
Last edited:
You must log in or register to reply here.

Similar threads

Sergyk
VPN client
Replies
6
Views
834
eibgrad
eibgrad
B
Unable to establish VPN connection to my PiVPN (ovpn) from my Asus RT-AC86U running Asuswrt-Merlin 386.14
Replies
1
Views
356
eibgrad
eibgrad
T
[Help] Problems setting up OpenVPN
Replies
7
Views
551
Thookie
T
N
dedicated router for OpenVPN
Replies
4
Views
495
eibgrad
eibgrad
blitzkrieg
Solved Create new client certs with existing CA (on-router)
Replies
7
Views
2K
Martinski
M
Similar threads
Thread starter Title Forum Replies Date
S No internet for router clients (OpenVPN + stunnel) Asuswrt-Merlin 0
Harry Azcrac ASUS Merlin on RT-AC86U OpenVPN Server not blocking IP when a client connects Asuswrt-Merlin 2
outlaw78 OpenVPN Setting Merlin AXE-16000 Asuswrt-Merlin 1
F OpenVPN Server - Client speeds seem capped at 20mbps?? Asuswrt-Merlin 3
Viktor Jaep OpenVPN Client Connection through existing OpenVPN Router Connection causes DISCONNECT Asuswrt-Merlin 29
M 2 separate clients on OpenVPN server Asuswrt-Merlin 4
D Solved Openvpn client dns Asuswrt-Merlin 2
D WireGuard removing OpenVPN on ASUS Routers ? Asuswrt-Merlin 2
T [Help] Problems setting up OpenVPN Asuswrt-Merlin 7
N dedicated router for OpenVPN Asuswrt-Merlin 4

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 417 (members: 14, guests: 403)
Back
Top