OpenVPN Client on DDWRT

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
Author Message
Sushi
DD-WRT Novice


Joined: 19 Sep 2012
Posts: 5

PostPosted: Wed Sep 19, 2012 19:57    Post subject: OpenVPN Client on DDWRT Reply with quote
Hi,

I deployed an OpenVPN virtual appliance and I'm able to connect to it via regular OpenVPN client using username and password.

I need assistance in connecting my DDWRT router to the same OpenVPN appliance. I'm assuming that I need to configure certificates since DDWRT OpenVPN client doesn't even have the option to enter credentials, but I'm not sure where I can get the certificate key information needed by the DDWRT. Please point me in the right direction.
Sponsor
Vespian
DD-WRT User


Joined: 26 May 2009
Posts: 183
Location: N34 31.872 E69 10.821 for now.

PostPosted: Thu Sep 20, 2012 1:57    Post subject: Reply with quote
You can use password auth.. You only need to save your username and password to a file in the temp directory.. I usaa startup script that echos to the /tmp directory. And then point to that file within openvpns additional configuration area. Im on my iPad currently.. Otherwise I'd type out a more in depth description with examples. Code on this thing is a pain because of autocorrect.
_________________
The Peacock Thread <-- New? READ THIS!
------

Current:
ASUS RT-N16 DD-WRT v24-sp2 mega(SVN revision 19519)Running OTRW - Take 2 on 8 GB Flash Disk. 128M swap + 7.5 GB ext2 on /opt
Past:
ASUS WL500GP v2 [DD-WRT v24-sp2 (06/17/09) mega-(SVN 12307M NEWD Eko)]

Registered Linux User #491768
Sushi
DD-WRT Novice


Joined: 19 Sep 2012
Posts: 5

PostPosted: Thu Sep 20, 2012 2:36    Post subject: Reply with quote
Do you know if it will still use encryption when connected with username/password as opposed to SSL certificate?
Vespian
DD-WRT User


Joined: 26 May 2009
Posts: 183
Location: N34 31.872 E69 10.821 for now.

PostPosted: Thu Sep 20, 2012 3:04    Post subject: Reply with quote
Yes. You will still need to supply a few certificates for encryption, even with username and password auth if you specify encryption in your server configs.
_________________
The Peacock Thread <-- New? READ THIS!
------

Current:
ASUS RT-N16 DD-WRT v24-sp2 mega(SVN revision 19519)Running OTRW - Take 2 on 8 GB Flash Disk. 128M swap + 7.5 GB ext2 on /opt
Past:
ASUS WL500GP v2 [DD-WRT v24-sp2 (06/17/09) mega-(SVN 12307M NEWD Eko)]

Registered Linux User #491768
Vespian
DD-WRT User


Joined: 26 May 2009
Posts: 183
Location: N34 31.872 E69 10.821 for now.

PostPosted: Thu Sep 20, 2012 3:12    Post subject: Reply with quote
Read up on PKI. It's interesting stuff. using keys for authentication is MUCH more secure..
_________________
The Peacock Thread <-- New? READ THIS!
------

Current:
ASUS RT-N16 DD-WRT v24-sp2 mega(SVN revision 19519)Running OTRW - Take 2 on 8 GB Flash Disk. 128M swap + 7.5 GB ext2 on /opt
Past:
ASUS WL500GP v2 [DD-WRT v24-sp2 (06/17/09) mega-(SVN 12307M NEWD Eko)]

Registered Linux User #491768
Sash
DD-WRT Guru


Joined: 20 Sep 2006
Posts: 17619
Location: Hesse/Germany

PostPosted: Thu Sep 20, 2012 9:00    Post subject: Reply with quote
...or static keys which we will support in the next beta.
_________________
Forum Guidelines...How to get help
&
Forum Rules
&
RTFM/STFW
&
Throw some buzzwords into the WIKI search Exclamation
_________________
I'm NOT rude, just offer pure facts!
_________________
Atheros (TP-Link & Clones, etc ) debrick service in EU
_________________
Guide on HowTo be Safe, Secure and Protect Your Online Anonymity!
Sushi
DD-WRT Novice


Joined: 19 Sep 2012
Posts: 5

PostPosted: Thu Sep 20, 2012 13:39    Post subject: Reply with quote
I was looking for a guide to configure PKI on my OpenVPN vm, but I couldn't find anything recent that's descriptive enough for me. This one is from 2004:
http://www.oreillynet.com/pub/a/security/2004/10/21/vpns_and_pki.html

Can I still follow this or is it too outdated?
Vespian
DD-WRT User


Joined: 26 May 2009
Posts: 183
Location: N34 31.872 E69 10.821 for now.

PostPosted: Thu Sep 20, 2012 14:35    Post subject: Reply with quote
http://en.wikipedia.org/wiki/Public-key_cryptography

http://computer.howstuffworks.com/encryption3.htm

Both are good references.

_________________
The Peacock Thread <-- New? READ THIS!
------

Current:
ASUS RT-N16 DD-WRT v24-sp2 mega(SVN revision 19519)Running OTRW - Take 2 on 8 GB Flash Disk. 128M swap + 7.5 GB ext2 on /opt
Past:
ASUS WL500GP v2 [DD-WRT v24-sp2 (06/17/09) mega-(SVN 12307M NEWD Eko)]

Registered Linux User #491768
Sushi
DD-WRT Novice


Joined: 19 Sep 2012
Posts: 5

PostPosted: Thu Sep 20, 2012 16:47    Post subject: Reply with quote
Thanks for the links. I do have some understanding of how PKI works, but these will help to broaden my knowledge.
However, what I'm looking for is how to configure PKI on OpenVPN, not just an explanation of what PKI is. Perhaps I should make a post on the OpenVPN forums.
Sushi
DD-WRT Novice


Joined: 19 Sep 2012
Posts: 5

PostPosted: Thu Sep 20, 2012 19:48    Post subject: Reply with quote
I followed this OpenVPN guide for Ubuntu: https://help.ubuntu.com/community/OpenVPN

And I'm still extremely confused. The lack of GUI screws me over since I don't know all the necessary commands and parameters and rely heavily on the guide without having much understanding on what exactly it is that I'm doing.

I'm assuming that after generating the certificates as described in the guide, I'm supposed to paste the contents of ca.crt, client.crt, and client.key into the DD-WRT OpenVPN client config (Web GUI). Am I on the right track?
Vespian
DD-WRT User


Joined: 26 May 2009
Posts: 183
Location: N34 31.872 E69 10.821 for now.

PostPosted: Thu Sep 20, 2012 20:07    Post subject: Reply with quote
Yeah, pretty much. The certificates can be pasted directly into the GUI. All client side certificates and keys created by the OpenVPN server need to go onto the router in their correct spots.

If you are using username and password auth.. the username and password need to be stored in memory and linked to in the openVPN config.

Did you check the wiki? There is some good stuff in there about the OpenVPN service.

http://www.dd-wrt.com/wiki/index.php/Tutorials

_________________
The Peacock Thread <-- New? READ THIS!
------

Current:
ASUS RT-N16 DD-WRT v24-sp2 mega(SVN revision 19519)Running OTRW - Take 2 on 8 GB Flash Disk. 128M swap + 7.5 GB ext2 on /opt
Past:
ASUS WL500GP v2 [DD-WRT v24-sp2 (06/17/09) mega-(SVN 12307M NEWD Eko)]

Registered Linux User #491768
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum