OpenVPN - Generic keys/certs? How to add client?


trek_520

Regular Contributor
Hi,

I finally got OpenVPN working.... I plan on putting together a guide once I have duplicated the process a couple of times.

But, how do I add more client computers? I assumed I could copy the \config directory with the client - ca.crt, client.ovpn, client.crt and client.keys. This does not work.

For more clients do the keys on the router have to be different? Is that what the client1 and 2 are for?

Sorry for the newbie questions - thanks in advance for any help.

T
 
For TLS, the client keys only need to be signed using the same CA key as the server certificate.

client1/client2 are only used when the router is behaving as a client, they have nothing to do with clients connecting to the router.
 
Thanks

So I am not sure what TLS really is, but I do understand the concept of signing the client keys with the master CA Key.

I guess my question was more around best practices for generating generic vs. dedicated keys. Why or why not generic keys? It looks like you could create as many dedicated client keys as you would like... so how would/should you

1) keep these organized for a small group?
2) revoke dedicated keys from the router?

"client1/client2 are only used when the router is behaving as a client, they have nothing to do with clients connecting to the router." Does that mean you could have a permanent tunnel between sites without having to use the software?
 
Thanks

So I am not sure what TLS really is, but I do understand the concept of signing the client keys with the master CA Key.

I guess my question was more around best practices for generating generic vs. dedicated keys. Why or why not generic keys? It looks like you could create as many dedicated client keys as you would like... so how would/should you

1) keep these organized for a small group?
2) revoke dedicated keys from the router?

Typically one key per client. That way if a key gets compromised, or gets misplaced, you can revoke/reissue just that key.

Revoking keys is done with a CRL (certificate revocation list). You set crl-verify with the path to your CRL. Most likely stored on JFFS or an external drive. See the Revoking Certificates section of the OpenVPN HOWTO for more information.

Does that mean you could have a permanent tunnel between sites without having to use the software?

Between two routers running OpenVPN, yes.
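The two points made in the replies above (every client certificate is signed by the same CA the server trusts, and one-key-per-client lets you revoke a single client through a CRL that `crl-verify` points at) as an added, runnable example. This is not code from the thread or from the OpenVPN HOWTO: it uses plain `openssl` instead of the easy-rsa scripts, builds a throwaway PKI in a temp directory, and all names (`demo-openvpn-ca`, `alice`, `bob`) and the `/jffs/crl.pem` path mentioned in a comment are constructed for the demo.

```shell
#!/bin/sh
# Added example, not code from the thread: a minimal OpenVPN-style PKI built
# with plain openssl in a temp dir. It shows the two points made above:
# every client certificate is signed by the one CA the server trusts, and
# a single client is withdrawn by revoking its certificate into the CRL
# that crl-verify points at. All names and paths here are constructed.
set -e

PKI=$(mktemp -d)
trap 'rm -rf "$PKI"' EXIT

# Write the openssl config that the "ca" subcommand needs to track serials,
# the issued-certificate database and the CRL number.
write_config() {
    cat > "$PKI/openssl.cnf" <<EOF
[ req ]
distinguished_name = req_dn
[ req_dn ]
[ ca ]
default_ca = demo_ca
[ demo_ca ]
dir = $PKI
database = \$dir/index.txt
new_certs_dir = \$dir
serial = \$dir/serial
crlnumber = \$dir/crlnumber
certificate = \$dir/ca.crt
private_key = \$dir/ca.key
default_md = sha256
default_days = 365
default_crl_days = 30
policy = demo_policy
[ demo_policy ]
commonName = supplied
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[ client_ext ]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
EOF
    touch "$PKI/index.txt"
    echo 01 > "$PKI/serial"
    echo 01 > "$PKI/crlnumber"
}

# The single CA: the server's and every client's certificate chain to it.
make_ca() {
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 365 \
        -config "$PKI/openssl.cnf" -extensions v3_ca \
        -subj "/CN=demo-openvpn-ca" \
        -keyout "$PKI/ca.key" -out "$PKI/ca.crt" 2>/dev/null
}

# One key and one certificate per client, each signed by the same CA.
issue_client() {
    openssl req -new -newkey rsa:2048 -nodes \
        -config "$PKI/openssl.cnf" -subj "/CN=$1" \
        -keyout "$PKI/$1.key" -out "$PKI/$1.csr" 2>/dev/null
    openssl ca -batch -notext -config "$PKI/openssl.cnf" \
        -extensions client_ext \
        -in "$PKI/$1.csr" -out "$PKI/$1.crt" 2>/dev/null
}

# Withdraw one client: mark its cert revoked and regenerate the CRL. On the
# router this crl.pem is the file crl-verify would reference, e.g.
# "crl-verify /jffs/crl.pem" (placeholder path for this demo).
revoke_client() {
    openssl ca -config "$PKI/openssl.cnf" -revoke "$PKI/$1.crt" 2>/dev/null
    openssl ca -config "$PKI/openssl.cnf" -gencrl -out "$PKI/crl.pem" 2>/dev/null
}

# The check the server effectively performs with ca.crt plus crl-verify:
# the client cert must chain to the CA and must not appear on the CRL.
# Exit status 0 = client accepted, 1 = rejected.
client_accepted() {
    if openssl verify -crl_check -CAfile "$PKI/ca.crt" \
            -CRLfile "$PKI/crl.pem" "$PKI/$1.crt" >/dev/null 2>&1; then
        return 0
    else
        return 1
    fi
}

# Issue two dedicated client certs, then revoke one of them.
write_config
make_ca
issue_client alice
issue_client bob
revoke_client bob
client_accepted alice && echo "alice: accepted"
client_accepted bob || echo "bob: rejected (revoked)"
```

Each client gets its own `.key`/`.crt` pair and the same `ca.crt`, which is why copying one client's files to a second machine is not the intended model: revoking `bob` only changes the CRL, and `alice` keeps working without any reissue. The CRL does expire (`default_crl_days` above), so on a router it has to be regenerated and copied to the `crl-verify` path before that date or every client will fail verification.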
 