After much effort, I finally got a working configuration of OpenVPN on my Netgear DG834G router with the custom DGTeam firmware. Long story short, I copied the ca.crt, router.crt, router.key and dh1024.pem files to a writeable directory on the router (/etc), tweaked the openvpn.conf file to reference these files, added some custom ifconfig commands for the tun0 interface and was able to get a working OpenVPN configuration. However these certificate and key files do not survive a router reboot as they are not written to the nvram (???). The router runs an older version of busybox (1.16). Does anyone know how to save these files so they will survive a router reboot? I have tried using the unified format of the configuration file in order to store the certificate and key files in the openvpn.conf file, but apparently the unified format is only for clients, not server (???). Any help is greatly appreciated....
Thx
Saving certificates, keys files to router
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
-
- OpenVpn Newbie
- Posts: 3
- Joined: Wed Oct 12, 2016 3:41 am
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Saving certificates, keys files to router
I cannot help you with the router NVRAM problem, however, 1024bit PKI is now considered to be insecure and you really should move to 2048bit PKI. Use EasyRSA to generate your PKI.
- dazo
- OpenVPN Inc.
- Posts: 155
- Joined: Mon Jan 11, 2010 10:14 am
- Location: dazo :: #openvpn-devel @ libera.chat
Re: Saving certificates, keys files to router
I would rather say that both DH params and the RSA keys should be minimum 2048 bits. If you have CPU power to drive all your clients at 4096bit, you should prefer that.
-
- OpenVpn Newbie
- Posts: 3
- Joined: Wed Oct 12, 2016 3:41 am
Re: Saving certificates, keys files to router
I was finally able to get the certificate files saved to the NVRAM and reloaded automatically
upon a router restart. If anyone has a NetGear with DGTeam firmware and would like help
getting the included OpenVPN server up and running, I can post the instructions here.
Thx...
upon a router restart. If anyone has a NetGear with DGTeam firmware and would like help
getting the included OpenVPN server up and running, I can post the instructions here.
Thx...