Setup for OpenVPN Server?

[tundrwd]

Not sure what I'm doing wrong, but the problem starts out with the inability to see any "export ovpn file" button that now seems to be a part of this latest release.

I'd like to create an .ovpn file for clients to use. The page mentions using the FAQ at the bottom of the page - but that is not an operable "button" or link on the page.

 

[sinshiva]

just do it by hand, this is my preferred method for ovpn's

(strongly recommend using notepad++ if you are making these on windows)

client
tls-client //i use bi-directional
remote-cert-tls server //i use bi-directional
tun-mtu 1383 //whatever you use
fragment 1379 //whatever you use
mssfix 1379 //whatever you use
verb 3
dev tun //i hear tun is faster than tap
remote blahblahblah.net 1194 udp
nobind //run on all interfaces
auth sha256 //whatever you use
float //makes it so i can use openvpn when on my own lan
cipher aes-128-cbc //whatever cipher you use
verify-x509-name SERVERCN name  //your server's CN
persist-tun //tells client not to close tunnel even when connect dropped
persist-remote-ip //so it doesn't send data in the clear

<ca>
-----BEGIN CERTIFICATE-----
CA cert used by everything
-----END CERTIFICATE-----

</ca>

<key>

-----BEGIN PRIVATE KEY-----
user private key
-----END PRIVATE KEY-----

</key>

<cert>

-----BEGIN CERTIFICATE-----
user public certificate
-----END CERTIFICATE-----

</cert>

<tls-auth>

-----BEGIN OpenVPN Static key V1-----
openssl generated static aka TA key
-----END OpenVPN Static key V1-----

</tls-auth>

 

[KenEsq]

Not sure what I'm doing wrong, but the problem starts out with the inability to see any "export ovpn file" button that now seems to be a part of this latest release.

I'd like to create an .ovpn file for clients to use. The page mentions using the FAQ at the bottom of the page - but that is not an operable "button" or link on the page.

The link to the FAQs (at least for Windows) goes to a null page at Asus for me. However, if you want the client config file click the export button (circled in red) and put it in the config folder for OpenVPN.

If you need the OpenVPN client itself, go here: http://openvpn.net/index.php/open-source/downloads.html

If you are installing the 64-bit client make sure and run the program the first time as an administrator or you'll likely get an error.

I should note that I'm one release behind the latest so things may have changed.

 

[tundrwd]

Well, screen looks different. It now (ver. 3.0.0.4.374.38_1) appears as the attached pic. No "export" option I can find.

 

[Martineau]

You have to enable the OpenVPN server instance (presumably so that it can validate the keys are indeed valid) BEFORE the GUI will allow the EXPORT button to appear! ;-)

 

[tundrwd]

You have to enable the OpenVPN server instance (presumably so that it can validate the keys are indeed valid) BEFORE the GUI will allow the EXPORT button to appear! ;-)

Ok, I'll buy that - but I've done that (enabled the server) - and still no button to export. Do the keys, etc. need to be entered as well before the export will appear (I presume so since you mentioned they might need to be validated)?

Is there a decent tut that gives pros/cons of static key vs. generating your own CA, vs. creating specific users/passwords, etc.? Esp. for ASUS/Merlin? Many of the tuts I run into are 2-3 years old, for tomato, etc. I realize there are lots of similarities, but I'm looking for something a tad more up-to-date with this new interface, etc. I've been much more on the client end for set-ups, not the server end. I understand the gist of what's going on, using easy-rsa (I've set up my own CA's for apache, etc.), but not so well the VPN side of things.

I want secure over easy to set up - within reason. I suspect anything I set up will be seen by the NSA anyway, so I'm more interested in just securing my comms from those who are nosy.

 

[tundrwd]

Ok, I'll buy that - but I've done that (enabled the server) - and still no button to export. Do the keys, etc. need to be entered as well before the export will appear (I presume so since you mentioned they might need to be validated)?

Is there a decent tut that gives pros/cons of static key vs. generating your own CA, vs. creating specific users/passwords, etc.? Esp. for ASUS/Merlin? Many of the tuts I run into are 2-3 years old, for tomato, etc. I realize there are lots of similarities, but I'm looking for something a tad more up-to-date with this new interface, etc. I've been much more on the client end for set-ups, not the server end. I understand the gist of what's going on, using easy-rsa (I've set up my own CA's for apache, etc.), but not so well the VPN side of things.

I want secure over easy to set up - within reason. I suspect anything I set up will be seen by the NSA anyway, so I'm more interested in just securing my comms from those who are nosy.

To be a bit more specific on the setup side of things - in setting up keys/CAs/etc - I can gen those with easy-rsa. I assume they need to be entered/pasted into the GUI interface - where then are they stored? I assume doing that I will have two copies - the ones I gen'ed with easy-rsa, and wherever they are stored within the 66U?