OpenVPN-Setup


Revision history for OpenVPN-Setup


Revision [15719]

Last edited on 2017-03-16 00:11:35 by daveraver
Additions:
It's also interesting add this file on both sides too, server/client profiles:
**auth SHA256**
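Review bot: The added sentence says "add this file", but `auth SHA256` is a configuration line, not a file; reword it to "add this line to both the server and client profiles". It would also help to say why: `auth` selects the HMAC digest used to authenticate packets, so both ends need the same value.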


Revision [15716]

Edited on 2017-03-15 18:00:31 by daveraver
Additions:
If we don't indicate the cipher on server.conf file, the client only can use the bf-cbc cipher. I am using now cipher AES-256-CBC just adding this line to server.conf and changing cipher at openvnp client profile *.ovpn file:
Deletions:
If we don't indicate the cipher on server.conf file, the client only can use the bf-cbc cipher. I am using now cipher AES-256-CBC just adding this line to server.conf and adding the same line to the openvnp client profile *.ovpn file:
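Review bot: The new wording "changing cipher at openvnp client profile" drops the requirement that the client use the same value as the server, which the deleted wording ("adding the same line") stated explicitly. Suggest "setting the same cipher in the openvpn client profile *.ovpn file", which also fixes the "openvnp" typo carried over from the earlier revision.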


Revision [15713]

Edited on 2017-03-15 17:58:15 by daveraver

No Differences

Revision [15710]

Edited on 2017-03-15 17:57:29 by daveraver
Additions:
**cipher AES-256-CBC**
Deletions:
[code]
cipher AES-256-CBC
[/code]


Revision [15707]

Edited on 2017-03-15 17:55:10 by daveraver
Additions:
If we don't want to run in TLS server mode, we can replace all .pem files for original certificate files except the dh2048.pem file, dh file keep in same .pem format, and remove the line 'tls-server' editing server.conf in /etc/openvpn.
======Changing 'cipher' ======
If we don't indicate the cipher on server.conf file, the client only can use the bf-cbc cipher. I am using now cipher AES-256-CBC just adding this line to server.conf and adding the same line to the openvnp client profile *.ovpn file:
[code]
cipher AES-256-CBC
[/code]
Deletions:
If we don't want to run in TLS server mode, we can replace all .pem files for original certificate files except the dh2048.pem file, dh file keep in same .pem format, and remove the line 'tls-server' editing server.conf in /etc/openvpn.


Revision [15701]

Edited on 2017-03-09 12:57:21 by daveraver
Additions:
If we don't want to run in TLS server mode, we can replace all .pem files for original certificate files except the dh2048.pem file, dh file keep in same .pem format, and remove the line 'tls-server' editing server.conf in /etc/openvpn.
Deletions:
If we want to run in not TLS server mode, we can replace all .pem files for original certificate files except the dh1024.pem file, dh file keep in same .pem format, and remove the line 'tls-server' editing server.conf in /etc/openvpn.


Revision [15698]

Edited on 2017-03-09 12:56:29 by daveraver

No Differences

Revision [15695]

Edited on 2017-03-09 12:56:02 by daveraver
Additions:
======{{color text="*" c="red"}}All files converted to .pem format is to run TLS server======
Deletions:
======All files converted to .pem format is to run TLS server======
{{color text="*" c="red"}}


Revision [15692]

Edited on 2017-03-09 12:54:56 by daveraver
Additions:
All these conversions to .pem extension are based on openvpn --help binnary information of our instalation of openvpn in our STB, maybe it's not necessary (see at the end of this wiki){{color text="*" c="red"}}
{{color text="*" c="red"}}
Deletions:
All these conversions to .pem extension are based on openvpn --help binnary information of our instalation of openvpn in our STB, maybe it's not necessary (see at the end of this wiki){{color text="text" c="red"}}*


Revision [15689]

Edited on 2017-03-09 12:53:42 by daveraver
Additions:
All these conversions to .pem extension are based on openvpn --help binnary information of our instalation of openvpn in our STB, maybe it's not necessary (see at the end of this wiki){{color text="text" c="red"}}*
Deletions:
All these conversions to .pem extension are based on openvpn --help binnary information of our instalation of openvpn in our STB, maybe it's not necessary (see at the end of this wiki){{color text="text" c="color"}}*


Revision [15686]

Edited on 2017-03-09 12:53:03 by daveraver
Additions:
If we want to run in not TLS server mode, we can replace all .pem files for original certificate files except the dh1024.pem file, dh file keep in same .pem format, and remove the line 'tls-server' editing server.conf in /etc/openvpn.
Deletions:
If we want to run in not TLS server mode, we can replace all .pem files for original certificate files except the dh1024.pem file, dh file keep in same .pem format, and remove the line 'tls server' editing server.conf in /etc/openvpn.


Revision [15683]

Edited on 2017-03-09 12:52:37 by daveraver
Additions:
All these conversions to .pem extension are based on openvpn --help binnary information of our instalation of openvpn in our STB, maybe it's not necessary (see at the end of this wiki){{color text="text" c="color"}}*
======All files converted to .pem format is to run TLS server======
If we want to run in not TLS server mode, we can replace all .pem files for original certificate files except the dh1024.pem file, dh file keep in same .pem format, and remove the line 'tls server' editing server.conf in /etc/openvpn.
Deletions:
All these conversions to .pem extension are based on openvpn --help binnary information of our instalation of openvpn in our STB, maybe it's not necessary.


Revision [15645]

Edited on 2017-01-23 20:17:55 by daveraver
Additions:
Now, in this mode, you can convert .key file to .pem for server files, to put in stb at /etc/openvpn/
**$ openssl> rsa -in filename.key -out filename.key.pem -outform PEM**
The ca.crt and server.crt file, we have to open the certificate in windows OS and select details tab> copy file> convert to binary DER x509 and select destination folder to save.
Then we convert the ca.cer and server.cer files to .pem file:
**OpenSSL>x509 -inform DER -in filename.cer -outform PEM -out filename.pem**
Deletions:
Now, in this mode, you can convert .crt and .key files to .pem for server files, to put in stb at /etc/openvpn/
**$ openssl> x509 -in filename.crt -inform DER -out filename.crt.pem -outform PEM
$ openssl> rsa -in filename.key -out filename.key.pem -outform PEM**
The ca.cert file, we have to open the certificate in windows OS and select details tab> copy file> convert to binary DER x509 and select destination folder to save.
Then we convert the ca.cer file to .pem file:
**OpenSSL>x509 -inform DER -in ca.cer -outform PEM -out ca.pem**
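Review bot: The added `rsa -in filename.key -out filename.key.pem -outform PEM` line has no encryption option, so filename.key.pem is written as an unencrypted private key; add a sentence telling the reader to restrict its permissions once it is placed in /etc/openvpn/. The two added commands also use different prompts (`$ openssl>` and `OpenSSL>`); pick one so it is clear both are typed inside the same openssl shell.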


Revision [15633]

Edited on 2017-01-16 14:13:54 by daveraver
Additions:
All these conversions to .pem extension are based on openvpn --help binnary information of our instalation of openvpn in our STB, maybe it's not necessary.
Deletions:
All these conversions to .pem extension is based on openvpn --help binnary information of our instalation of openvpn in our STB, maybe it's not necessary.


Revision [15630]

Edited on 2017-01-14 20:16:17 by daveraver
Additions:
port 443 (sample port) 1194 default
remote 'hostname(NOIP) or Public IP' 443 (sample port) 1194 default
Deletions:
port 443 (sample port)
remote 'hostname(NOIP) or Public IP' 443 (sample port)
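Review bot: In `port 443 (sample port) 1194 default` and the matching `remote` line, the annotation sits on the directive line itself, so a reader who copies the line into server.conf or the client profile gets extra tokens after the port number. Put the annotation behind a `#`, as the `extra-certs 01.pem #optional` lines do, for example `port 443 # sample port, default is 1194`.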


Revision [15627]

Edited on 2017-01-14 20:07:30 by daveraver
Additions:
I add two extra .pem files to the directory 01.pem and 02.pem, they have been generated on the files creation, they contains key info, I dont know if there is duplicity of information. These two files are optional.
extra-certs 01.pem #optional
extra-certs 02.pem #optional
Deletions:
I add two extra .pem files to the directory 01.pem and 02.pem, they have been generated on the files creation, they contains key info, I dont know if there is duplicity of information.
extra-certs 01.pem
extra-certs 02.pem
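Review bot: The added sentence says 01.pem and 02.pem "contains key info" and that it is unknown whether they duplicate the other files, yet both are listed under `extra-certs`. Before marking them "optional", the page should state what each file actually holds (certificate or private key), because a file containing a private key does not belong in an extra-certificates entry.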


Revision [15624]

Edited on 2017-01-14 18:15:26 by daveraver
Additions:
**The port we are going to use to vnp connection have to be opened on main router, of course, and you can forward to other different external port as you know**
Deletions:
**The port we are going to use to vnp connection have to be opened on main router, of course, and you can forward to other external different port as you know**


Revision [15621]

Edited on 2017-01-14 16:44:19 by daveraver

No Differences

Revision [15618]

Edited on 2017-01-14 16:43:39 by daveraver
Additions:
The ca.cert file, we have to open the certificate in windows OS and select details tab> copy file> convert to binary DER x509 and select destination folder to save.
dh2048.pem, we have to locate at openvpn config directory too, /etc/openvpn
**The port we are going to use to vnp connection have to be opened on main router, of course, and you can forward to other external different port as you know**
Deletions:
The ca.cert file, we have to open the certificate in windows OS and select details tab> copy file>convert to binary DER x509 and select destination folder to save.
dh2048.pem have to locate at openvpn config directory too, /etc/openvpn
**The port we are going to use to vnp connection have to be opened, of course, and you can forward to other external different port as you know**


Revision [15615]

Edited on 2017-01-14 16:36:43 by daveraver
Additions:
The ca.cert file, we have to open the certificate in windows OS and select details tab> copy file>convert to binary DER x509 and select destination folder to save.
Deletions:
The ca.cert file, he have to open the certificate in windows OS and select details tab> copy file>convert to binary DER x509 and select destination folder to save.


Revision [15612]

Edited on 2017-01-14 16:33:48 by daveraver
Additions:
tested on openvpn version 2.3.2 mipsel-oe-linux-gnu release date feb 3, 2016.


Revision [15609]

Edited on 2017-01-14 16:20:39 by daveraver
Additions:
up to finish these three last steps:
Deletions:
up to finish this three last steps:


Revision [15606]

Edited on 2017-01-14 16:19:48 by daveraver
Additions:
I saw that doing openvpn --help on box command line, all files have to be .pem extension. Let's to convert the files.
Deletions:
=====I saw that doing openvpn --help on box command line, all files have to be .pem extension. Let's to convert the files:=====
==========


Revision [15603]

The oldest known version of this page was created on 2017-01-14 11:52:06 by daveraver