Posted: Wed Sep 19, 2012 19:57 Post subject: OpenVPN Client on DDWRT
Hi,
I deployed an OpenVPN virtual appliance and I'm able to connect to it via regular OpenVPN client using username and password.
I need assistance in connecting my DDWRT router to the same OpenVPN appliance. I'm assuming that I need to configure certificates since DDWRT OpenVPN client doesn't even have the option to enter credentials, but I'm not sure where I can get the certificate key information needed by the DDWRT. Please point me in the right direction.
Joined: 26 May 2009 Posts: 183 Location: N34 31.872 E69 10.821 for now.
Posted: Thu Sep 20, 2012 1:57 Post subject:
You can use password auth.. You only need to save your username and password to a file in the temp directory.. I usaa startup script that echos to the /tmp directory. And then point to that file within openvpns additional configuration area. Im on my iPad currently.. Otherwise I'd type out a more in depth description with examples. Code on this thing is a pain because of autocorrect. _________________ The Peacock Thread <-- New? READ THIS!
------
Current: ASUS RT-N16 DD-WRT v24-sp2 mega(SVN revision 19519)Running OTRW - Take 2 on 8 GB Flash Disk. 128M swap + 7.5 GB ext2 on /opt Past:
ASUS WL500GP v2 [DD-WRT v24-sp2 (06/17/09) mega-(SVN 12307M NEWD Eko)]
Registered Linux User #491768
Joined: 26 May 2009 Posts: 183 Location: N34 31.872 E69 10.821 for now.
Posted: Thu Sep 20, 2012 3:04 Post subject:
Yes. You will still need to supply a few certificates for encryption, even with username and password auth if you specify encryption in your server configs. _________________ The Peacock Thread <-- New? READ THIS!
------
Current: ASUS RT-N16 DD-WRT v24-sp2 mega(SVN revision 19519)Running OTRW - Take 2 on 8 GB Flash Disk. 128M swap + 7.5 GB ext2 on /opt Past:
ASUS WL500GP v2 [DD-WRT v24-sp2 (06/17/09) mega-(SVN 12307M NEWD Eko)]
Registered Linux User #491768
Joined: 26 May 2009 Posts: 183 Location: N34 31.872 E69 10.821 for now.
Posted: Thu Sep 20, 2012 3:12 Post subject:
Read up on PKI. It's interesting stuff. using keys for authentication is MUCH more secure.. _________________ The Peacock Thread <-- New? READ THIS!
------
Current: ASUS RT-N16 DD-WRT v24-sp2 mega(SVN revision 19519)Running OTRW - Take 2 on 8 GB Flash Disk. 128M swap + 7.5 GB ext2 on /opt Past:
ASUS WL500GP v2 [DD-WRT v24-sp2 (06/17/09) mega-(SVN 12307M NEWD Eko)]
Registered Linux User #491768
Thanks for the links. I do have some understanding of how PKI works, but these will help to broaden my knowledge.
However, what I'm looking for is how to configure PKI on OpenVPN, not just an explanation of what PKI is. Perhaps I should make a post on the OpenVPN forums.
And I'm still extremely confused. The lack of GUI screws me over since I don't know all the necessary commands and parameters and rely heavily on the guide without having much understanding on what exactly it is that I'm doing.
I'm assuming that after generating the certificates as described in the guide, I'm supposed to paste the contents of ca.crt, client.crt, and client.key into the DD-WRT OpenVPN client config (Web GUI). Am I on the right track?
Joined: 26 May 2009 Posts: 183 Location: N34 31.872 E69 10.821 for now.
Posted: Thu Sep 20, 2012 20:07 Post subject:
Yeah, pretty much. The certificates can be pasted directly into the GUI. All client side certificates and keys created by the OpenVPN server need to go onto the router in their correct spots.
If you are using username and password auth.. the username and password need to be stored in memory and linked to in the openVPN config.
Did you check the wiki? There is some good stuff in there about the OpenVPN service.