tap bridge, making certificates

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
View previous topic :: View next topic  
Author Message
dutch_user
DD-WRT Novice


Joined: 09 May 2017
Posts: 15
PostPosted: Sun Oct 15, 2017 15:13    Post subject: tap bridge, making certificates Reply with quote
Hello friends,

After recently building a tun tunnel, i ran into some issues wich made me think of running a TAP tunnel between 2 locations

I followed this topic to configure the bridge [url] https://forums.openvpn.net/viewtopic.php?t=7049 [/url]

but reading the logs, i guess i need to make some certificates for this endavour to work.

Can dd-wrt create these certificated for me, or do i need to go another path?

like building them om on a computer, what is the right way to do this?

thanks in advance Wink
Back to top View user's profile Send private message
Sponsor
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6870
Location: Romerike, Norway
PostPosted: Sun Oct 15, 2017 16:03    Post subject: Reply with quote
There is no difference in the certificates between tun and tap.
With tun, there have to be different sub-nets on both sides, while tap needs the same on both sides.

What issues did you have?
Back to top View user's profile Send private message
dutch_user
DD-WRT Novice


Joined: 09 May 2017
Posts: 15
PostPosted: Sun Oct 15, 2017 16:17    Post subject: Reply with quote
Hi Per,

The logs tells me that i need to install/place certificates and thats fine,

But i have no idea how i can make these certificates, can ddwrt make their own certificates or can i use a computer to make them and copy/paste them ?


It's for 2 dd-wrt routers
Back to top View user's profile Send private message
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6870
Location: Romerike, Norway
PostPosted: Sun Oct 15, 2017 17:53    Post subject: Reply with quote
It must be generated at a workstation.

https://openvpn.net/index.php/open-source/documentation/howto.html#pki
Back to top View user's profile Send private message
spuriousoffspring
DD-WRT Guru


Joined: 05 Apr 2017
Posts: 981
Location: Louisiana, USA
PostPosted: Sun Oct 15, 2017 19:38    Post subject: Reply with quote
Free download that will help:

https://notepad-plus-plus.org
_________________
DD-WRT Installation & Setup TUTORIAL
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=311117

WRT32X DD-WRT Installation Procedure
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=315569

IPVanish OpenVPN Client Setup TUTORIAL
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=308565

FIRMWARE: OpenWrt SNAPSHOT r8217-2cc821e / LuCI Master (git-18.276.41146-280dd33)
MODEM: ARRIS SURFBoard SB8200
ROUTER: Linksys WRT32X
USB NAS: Western Digital BLACK 1 TB Hardrive + Startech USB 3.0 External SATA III Enclosure
Back to top View user's profile Send private message
dutch_user
DD-WRT Novice


Joined: 09 May 2017
Posts: 15
PostPosted: Thu Oct 19, 2017 20:36    Post subject: Reply with quote
So.... i've been trying for heck to get easy-rsa working, but my computer refuses it.... (windows Cool
am about to throw it out of the window....



is tere an alternative option?


Is it possible to just "type in" my own "key" in the static field? (basicly typing some random stuff on the keyboard, and copy/paste that..)
Back to top View user's profile Send private message
dutch_user
DD-WRT Novice


Joined: 09 May 2017
Posts: 15
PostPosted: Fri Oct 20, 2017 8:39    Post subject: Reply with quote
Jxm, thanks !!!! That worked....

Now i can build certificates, thanx again
Back to top View user's profile Send private message
Boogalooz
DD-WRT User


Joined: 13 Oct 2017
Posts: 52
PostPosted: Tue Oct 24, 2017 18:49    Post subject: Reply with quote
I followed the steps outlined by jxm (thank you sir) and have 2 questions.

(1) For some reason, my .pem file was created as : "dh4096.pem" and stored in the easy-rsa/keys folder.

Does this mean that OpenVPN will use 4096 bit encryption? I wanted to try and set this up using 2048 encryption so I could do side by side speed tests using my 1900ACv2 and a PiVPN setup I have been using.

(2) If the dh4096.pem is the instruction that tells openvpn to use 4096 encryption, where in the setup process did I go wrong, if my desire is to use 2048 bit encryption?

Thanks.
Back to top View user's profile Send private message
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum