
KEY Generation

Posted: Tue Jun 13, 2017 9:44 pm
by bdm
I've been using OpenVPN as a Docker for a year with great success. I've recently upgraded my router to a D-Link DSR-500 that has a built-in OpenVPN server / client.

I've started to work on the OpenVPN server configuration and have hit a problem I've not been able to resolve: generating DH keys.

In my Docker I was able to go to SSLForFree.net and create the certs necessary to get OpenVPN up and running. It seems the version that's on my new firewall requires several different files to be uploaded.

Trusted Certificate (CA Certificate) - Got it
Server / Client Certificate - Got it
Server / Client Key - Got it

DH Key - Need it
Tis Authentication Key - Need it
CRL Certificate - Need it

So I'm asking, can someone guide me as to how to create these files?

Thanks

Re: KEY Generation

Posted: Tue Jun 13, 2017 9:59 pm
by TinCanTech

Re: KEY Generation

Posted: Tue Jun 13, 2017 10:15 pm
by bdm
From the readme file, that appears to be on the right path, but even though it says it comes with the Windows exe files, the bat doesn't work. Is the only way to do this to spin up a Unix / Linux client?

Re: KEY Generation

Posted: Tue Jun 13, 2017 10:38 pm
by TinCanTech
Look closer .. :ugeek:

Re: KEY Generation

Posted: Tue Jun 13, 2017 10:51 pm
by bdm
TinCanTech wrote:Look closer .. :ugeek:
Very helpful.. I've read both readmes, found openssl, run that, still nada.

Re: KEY Generation

Posted: Tue Jun 13, 2017 11:23 pm
by TinCanTech
Everything you need for either windows or linux is on the end of those links.

Re: KEY Generation

Posted: Tue Jun 13, 2017 11:29 pm
by bdm
I've gotten everything but the Tis key created... See no windows command to create it. If you'd like to point me to the command that would be wonderful.

Most of my reading says to use 2048-bit keys or higher. In my test run of making the keys, it seems the default is 1024. Is there a command to change that? I have not found that in my reading.

thx

Re: KEY Generation

Posted: Tue Jun 13, 2017 11:42 pm
by TinCanTech
bdm wrote:I've gotten everything but the Tis key created
You mean TLS key ..

See hardening here

Re: KEY Generation

Posted: Tue Jun 13, 2017 11:59 pm
by bdm
TinCanTech wrote:
bdm wrote:I've gotten everything but the Tis key created
You mean TLS key ..

See hardening here
Your replies were very prompt, but did not shine much light on the issues. Thanks for the time, but I'm not looking for 500 pages of information to read through.

All of the documentation you've linked to I've read over, searched, and picked through for the specific questions I had. Then finding none I came to a community support forum only to be directed back to the same documentation I had used to answer my questions to begin with.

If anyone knows the command to switch the Windows cert / key process to 2048 bit that would be greatly appreciated.
If anyone knows the Windows command to create the TLS cert that would be appreciated.

Here's what I have so far..

init-config
vars
clean-all
build-ca
build-key-server server
build-key client1
build-dh



I've tried this but haven't gotten the key to generate as of yet. openvpn --genkey --secret ta.key

Re: KEY Generation

Posted: Wed Jun 14, 2017 12:15 am
by TinCanTech
bdm wrote:Your replies were very prompt, but did not shine much light on the issues. Thanks for the time, but I'm not looking for 500 pages of information to read through.

All of the documentation you've linked to I've read over, searched, and picked through for the specific questions I had. Then finding none I came to a community support forum only to be directed back to the same documentation I had used to answer my questions to begin with.
You appear to be doing fine .. so I'll just carry on ..
bdm wrote:If anyone knows the command to switch the Windows cert / key process to 2048 bit that would be greatly appreciated
See README.txt in .\easy-rsa
bdm wrote:I've tried this but haven't gotten the key to generate as of yet. openvpn --genkey --secret ta.key
What error message did you get ?

Re: KEY Generation

Posted: Wed Jun 14, 2017 12:26 am
by bdm
I have the ta issue fixed.. thx to another user

The readme has nothing in it about changing encryption levels that I've seen, and I've looked over both readme files several times.

Re: KEY Generation

Posted: Wed Jun 14, 2017 1:47 am
by TinCanTech
It is clearly documented.
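
Once `build-dh` and `openvpn --genkey --secret ta.key` have run, the sizes asked about in the thread can be read back from the generated files before they are uploaded to the router. The script below is an added example, not posted by anyone in the thread; it assumes the DH file is an OpenSSL PEM `DH PARAMETERS` block and ta.key is an `OpenVPN Static key V1` file, and its function names are made up for this example.

```python
import base64, re, sys

def _der_read(buf, pos):
    """Read one DER TLV at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def _pem_body(text, label):
    """Return the text between the BEGIN/END lines for label, whitespace removed."""
    m = re.search(f"-----BEGIN {label}-----(.+?)-----END {label}-----", text, re.S)
    if not m:
        raise ValueError(f"no '{label}' block found")
    return "".join(m.group(1).split())

def dh_prime_bits(pem_text):
    """Bit length of the prime p in a PKCS#3 DH parameter file."""
    der = base64.b64decode(_pem_body(pem_text, "DH PARAMETERS"))
    tag, seq, _ = _der_read(der, 0)  # DHParameter ::= SEQUENCE { p, g, ... }
    if tag != 0x30:
        raise ValueError("expected DER SEQUENCE")
    tag, p, _ = _der_read(seq, 0)
    if tag != 0x02:
        raise ValueError("expected INTEGER p")
    return int.from_bytes(p, "big").bit_length()

def static_key_len(text):
    """Byte length of the hex body of a ta.key file; a full key is 256 bytes."""
    return len(bytes.fromhex(_pem_body(text, "OpenVPN Static key V1")))

def audit(dh_pem, ta_key, min_bits=2048):
    """Return a list of problems; an empty list means both files pass."""
    problems = []
    bits = dh_prime_bits(dh_pem)
    if bits < min_bits:
        problems.append(f"DH prime is {bits} bits, want >= {min_bits}")
    n = static_key_len(ta_key)
    if n != 256:
        problems.append(f"static key is {n} bytes, want 256")
    return problems

if __name__ == "__main__" and len(sys.argv) == 3:
    with open(sys.argv[1]) as dh, open(sys.argv[2]) as ta:  # DH file, ta.key
        issues = audit(dh.read(), ta.read())
    sys.exit("\n".join(issues) or 0)  # problems go to stderr with exit status 1
```

Saved under any name (for example a hypothetical `check_vpn_files.py`), it takes the DH parameter file and ta.key as its two arguments and exits non-zero if either file is undersized.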