Revision history for OpenVPN-Setup
Additions:
It's also interesting add this file on both sides too, server/client profiles:
**auth SHA256**
**auth SHA256**
Additions:
If we don't indicate the cipher on server.conf file, the client only can use the bf-cbc cipher. I am using now cipher AES-256-CBC just adding this line to server.conf and changing cipher at openvnp client profile *.ovpn file:
Deletions:
No Differences
Additions:
**cipher AES-256-CBC**
Deletions:
cipher AES-256-CBC
[/code]
Additions:
If we don't want to run in TLS server mode, we can replace all .pem files for original certificate files except the dh2048.pem file, dh file keep in same .pem format, and remove the line 'tls-server' editing server.conf in /etc/openvpn.
======Changing 'cipher' ======
If we don't indicate the cipher on server.conf file, the client only can use the bf-cbc cipher. I am using now cipher AES-256-CBC just adding this line to server.conf and adding the same line to the openvnp client profile *.ovpn file:
[code]
cipher AES-256-CBC
[/code]
======Changing 'cipher' ======
If we don't indicate the cipher on server.conf file, the client only can use the bf-cbc cipher. I am using now cipher AES-256-CBC just adding this line to server.conf and adding the same line to the openvnp client profile *.ovpn file:
[code]
cipher AES-256-CBC
[/code]
Deletions:
Additions:
If we don't want to run in TLS server mode, we can replace all .pem files for original certificate files except the dh2048.pem file, dh file keep in same .pem format, and remove the line 'tls-server' editing server.conf in /etc/openvpn.
Deletions:
No Differences
Additions:
======{{color text="*" c="red"}}All files converted to .pem format is to run TLS server======
Deletions:
{{color text="*" c="red"}}
Additions:
All these conversions to .pem extension are based on openvpn --help binnary information of our instalation of openvpn in our STB, maybe it's not necessary (see at the end of this wiki){{color text="*" c="red"}}
{{color text="*" c="red"}}
{{color text="*" c="red"}}
Deletions:
Additions:
All these conversions to .pem extension are based on openvpn --help binnary information of our instalation of openvpn in our STB, maybe it's not necessary (see at the end of this wiki){{color text="text" c="red"}}*
Deletions:
Additions:
If we want to run in not TLS server mode, we can replace all .pem files for original certificate files except the dh1024.pem file, dh file keep in same .pem format, and remove the line 'tls-server' editing server.conf in /etc/openvpn.
Deletions:
Additions:
All these conversions to .pem extension are based on openvpn --help binnary information of our instalation of openvpn in our STB, maybe it's not necessary (see at the end of this wiki){{color text="text" c="color"}}*
======All files converted to .pem format is to run TLS server======
If we want to run in not TLS server mode, we can replace all .pem files for original certificate files except the dh1024.pem file, dh file keep in same .pem format, and remove the line 'tls server' editing server.conf in /etc/openvpn.
======All files converted to .pem format is to run TLS server======
If we want to run in not TLS server mode, we can replace all .pem files for original certificate files except the dh1024.pem file, dh file keep in same .pem format, and remove the line 'tls server' editing server.conf in /etc/openvpn.
Deletions:
Additions:
Now, in this mode, you can convert .key file to .pem for server files, to put in stb at /etc/openvpn/
**$ openssl> rsa -in filename.key -out filename.key.pem -outform PEM**
The ca.crt and server.crt file, we have to open the certificate in windows OS and select details tab> copy file> convert to binary DER x509 and select destination folder to save.
Then we convert the ca.cer and server.cer files to .pem file:
**OpenSSL>x509 -inform DER -in filename.cer -outform PEM -out filename.pem**
**$ openssl> rsa -in filename.key -out filename.key.pem -outform PEM**
The ca.crt and server.crt file, we have to open the certificate in windows OS and select details tab> copy file> convert to binary DER x509 and select destination folder to save.
Then we convert the ca.cer and server.cer files to .pem file:
**OpenSSL>x509 -inform DER -in filename.cer -outform PEM -out filename.pem**
Deletions:
**$ openssl> x509 -in filename.crt -inform DER -out filename.crt.pem -outform PEM
$ openssl> rsa -in filename.key -out filename.key.pem -outform PEM**
The ca.cert file, we have to open the certificate in windows OS and select details tab> copy file> convert to binary DER x509 and select destination folder to save.
Then we convert the ca.cer file to .pem file:
**OpenSSL>x509 -inform DER -in ca.cer -outform PEM -out ca.pem**
Additions:
All these conversions to .pem extension are based on openvpn --help binnary information of our instalation of openvpn in our STB, maybe it's not necessary.
Deletions:
Additions:
port 443 (sample port) 1194 default
remote 'hostname(NOIP) or Public IP' 443 (sample port) 1194 default
remote 'hostname(NOIP) or Public IP' 443 (sample port) 1194 default
Deletions:
remote 'hostname(NOIP) or Public IP' 443 (sample port)
Additions:
I add two extra .pem files to the directory 01.pem and 02.pem, they have been generated on the files creation, they contains key info, I dont know if there is duplicity of information. These two files are optional.
extra-certs 01.pem #optional
extra-certs 02.pem #optional
extra-certs 01.pem #optional
extra-certs 02.pem #optional
Deletions:
extra-certs 01.pem
extra-certs 02.pem
Additions:
**The port we are going to use to vnp connection have to be opened on main router, of course, and you can forward to other different external port as you know**
Deletions:
No Differences
Additions:
The ca.cert file, we have to open the certificate in windows OS and select details tab> copy file> convert to binary DER x509 and select destination folder to save.
dh2048.pem, we have to locate at openvpn config directory too, /etc/openvpn
**The port we are going to use to vnp connection have to be opened on main router, of course, and you can forward to other external different port as you know**
dh2048.pem, we have to locate at openvpn config directory too, /etc/openvpn
**The port we are going to use to vnp connection have to be opened on main router, of course, and you can forward to other external different port as you know**
Deletions:
dh2048.pem have to locate at openvpn config directory too, /etc/openvpn
**The port we are going to use to vnp connection have to be opened, of course, and you can forward to other external different port as you know**
Additions:
The ca.cert file, we have to open the certificate in windows OS and select details tab> copy file>convert to binary DER x509 and select destination folder to save.
Deletions:
Additions:
tested on openvpn version 2.3.2 mipsel-oe-linux-gnu release date feb 3, 2016.
Additions:
up to finish these three last steps:
Deletions:
Additions:
I saw that doing openvpn --help on box command line, all files have to be .pem extension. Let's to convert the files.
Deletions:
==========