What is it about
This article focuses on the required packages and the necessary steps for creating certificates and setting up connections.
Install a Linux-based distribution (e.g. White Russian)
- make sure that you have around 1MB of free space available
ipkg install openvpn
ipkg install openvpn-easy-rsa
Your /etc/openvpn/server.conf should contain at least the following settings:
local VPN_SERVER_IP
port 443
tls-server
dh dh2048.pem
dev tun
proto udp
user nobody
group nogroup
chroot /var/tmp/openvpn
persist-key
persist-tun
ca ca.crt
cert SERVERNAME.crt
key SERVERNAME.key
ns-cert-type server
Prepare certificate database
Walk through /etc/easy-rsa/vars and set, in particular, the following options:
KEY_DIR=$EASY_RSA/keys (beware: this directory will be overwritten later)
Now the key directory (/etc/easy-rsa/keys) is filled with the database of your new shiny certificate authority and the key of the openvpn server.
Create client certificates
On the OpenWrt device, run the following for each client:
Beware that the Common Name (CN) of all these certificates _must_ be different - otherwise they can never be in this VPN at the same time.
Copy the resulting certificate and key files from /etc/easy-rsa/ to the client.
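The Common Name rule above can be checked before the keys are handed out. The following script is an added example, not part of the original article: it assumes easy-rsa keeps the OpenSSL CA database as index.txt in the key directory, and the function names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: find valid certificates that share a Common Name.
# Assumption: the CA database is $KEY_DIR/index.txt, tab-separated as
# status, expiry, revocation date, serial, file name, subject.

# Print each CN that appears on more than one valid ("V") entry.
# Revoked ("R") and expired ("E") entries are ignored.
duplicate_cns() {
    awk -F '\t' '
        $1 == "V" {
            n = split($NF, rdn, "/")      # subject looks like /C=DE/O=x/CN=name
            for (i = 1; i <= n; i++)
                if (rdn[i] ~ /^CN=/) {
                    cn = substr(rdn[i], 4)
                    if (++seen[cn] == 2) print cn   # report each CN once
                }
        }' "$1"
}

# Constructed sample database (not taken from a real CA).
# Serial 03 is revoked, so "phone" is fine; serials 02 and 05 are both
# valid and share CN "laptop" although their subjects differ in OU.
write_sample_index() {
    {
        printf 'V\t350101000000Z\t\t01\tunknown\t/C=DE/O=Example/CN=SERVERNAME\n'
        printf 'V\t350101000000Z\t\t02\tunknown\t/C=DE/O=Example/CN=laptop\n'
        printf 'R\t350101000000Z\t250301000000Z\t03\tunknown\t/C=DE/O=Example/CN=phone\n'
        printf 'V\t350101000000Z\t\t04\tunknown\t/C=DE/O=Example/CN=phone\n'
        printf 'V\t350101000000Z\t\t05\tunknown\t/C=DE/O=Example/OU=lab/CN=laptop\n'
    } > "$1"
}

sample=$(mktemp)
write_sample_index "$sample"
dups=$(duplicate_cns "$sample")
rm -f "$sample"
if [ -n "$dups" ]; then
    echo "Common Names used by more than one valid certificate: $dups"
fi
```

To check a real CA, call duplicate_cns with the path to index.txt in your key directory; any name it prints should be revoked and reissued under a different CN.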