Need some help for installing and configuring openVPN server on an enigma2 receiver

Need help configuring your VPN? Just post here and you'll get that help.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
olco
OpenVpn Newbie
Posts: 4
Joined: Fri Feb 08, 2019 10:48 am

Need some help for installing and configuring openVPN server on an enigma2 receiver

Post by olco » Fri Feb 08, 2019 11:17 am

Hi,

I installed openVPN successfully on a debian VM and rasbian stretch using the PiVPN script.
As the machine, the debian VM is running on is not supposed to run 24/7 and the power of the RPi3 seems to be unsufficient to get the maximum out of my upload bandwith, I was thinking about installing openVPN on my linux receiver which is running 24/7.

So that's where the problems start because the HowTos and tutorials I read didn't work for me on that system.
The OS running on the receiver is enigma2.

Openssl seems to run on the receiver, as I was able to crate a 4096bit key using this command:

Code: Select all

openssl genrsa -out ca.key 4096
Diffie Hellman key is also creatable by:

Code: Select all

openssl dhparam -out dh2048.pem 2048
OpenVPN can be installed by:

Code: Select all

opkg install openvpn
But creating the certificate authority doesn't work by:

Code: Select all

openssl req -config Configs/ca.config -sha256 -new -key ca.key -out ca.csr -sha256
I found these commands in a HowTo in a board that is all about these enigma2 receivers. The user who wrote this said he would attach some files that would make the installation easier, unfortunately he missed that. So I guess creating the certificate authority fails because these files are missing.

My linux skills are kind of non exising so after I didn't get help in that board I am asking for some help here.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 5571
Joined: Fri Jun 03, 2016 1:17 pm

Re: Need some help for installing and configuring openVPN server on an enigma2 receiver

Post by TinCanTech » Fri Feb 08, 2019 11:24 am

Try using EasyRSA to create your PKI and then upload the files to your device.
https://github.com/OpenVPN/easy-rsa/releases

olco
OpenVpn Newbie
Posts: 4
Joined: Fri Feb 08, 2019 10:48 am

Re: Need some help for installing and configuring openVPN server on an enigma2 receiver

Post by olco » Fri Feb 08, 2019 12:12 pm

So I can use EasyRSA on my windows deaktop, create the PKI there and just upload the files and use them on the linux receiver?

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 5571
Joined: Fri Jun 03, 2016 1:17 pm

Re: Need some help for installing and configuring openVPN server on an enigma2 receiver

Post by TinCanTech » Fri Feb 08, 2019 12:27 pm

I don't know but that is what I would try ..

olco
OpenVpn Newbie
Posts: 4
Joined: Fri Feb 08, 2019 10:48 am

Re: Need some help for installing and configuring openVPN server on an enigma2 receiver

Post by olco » Fri Feb 08, 2019 11:19 pm

So at first I created all the needed keys on my windows machine. Finally I got them and so I created new ones directly on the receiver, just to get a little more pratice.

So now I have a folder, where I stored the server.conf and the easy-rsa folder containing the keys and certs.

Code: Select all

/etc/openvpn
What I am wondering about is that when I start the OpenVPN server for testing purposes I do the following:

Code: Select all

cd /etc/openvpn
openvpn server.conf
And then I have to type the Private Key Password that I chose while creating the pki for the server, when I used:

Code: Select all

./easyrsa build-server-full server
Is there a way to avoid that?
Or can that be done automatically, when I get the OpenVPN server to autostart?


Apart from that, I am able to connect to the OpenVPN server from my smartphone when I am in the same LAN, when I use the IP as the remote adress instead of the DynDNS. When I use the latter, the server can't be found.
I double checked the portforwarding of my router aswell as the port and the remote DynDNS in the server.conf and the client.ovpn files.
Is there something else that might cause that?

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 5571
Joined: Fri Jun 03, 2016 1:17 pm

Re: Need some help for installing and configuring openVPN server on an enigma2 receiver

Post by TinCanTech » Sat Feb 09, 2019 12:00 am

Try ./easyrsa --help

olco
OpenVpn Newbie
Posts: 4
Joined: Fri Feb 08, 2019 10:48 am

Re: Need some help for installing and configuring openVPN server on an enigma2 receiver

Post by olco » Sat Feb 09, 2019 12:16 am

Yeah well, that gives me the following:

Code: Select all

  init-pki
  build-ca [ cmd-opts ]
  gen-dh
  gen-req <filename_base> [ cmd-opts ]
  sign-req <type> <filename_base>
  build-client-full <filename_base> [ cmd-opts ]
  build-server-full <filename_base> [ cmd-opts ]
  revoke <filename_base> [cmd-opts]
  renew <filename_base> [cmd-opts]
  build-serverClient-full <filename_base> [ cmd-opts ]
  gen-crl
  update-db
  show-req <filename_base> [ cmd-opts ]
  show-cert <filename_base> [ cmd-opts ]
  show-ca [ cmd-opts ]
  import-req <request_file_path> <short_basename>
  export-p7 <filename_base> [ cmd-opts ]
  export-p12 <filename_base> [ cmd-opts ]
  set-rsa-pass <filename_base> [ cmd-opts ]
  set-ec-pass <filename_base> [ cmd-opts ]
That doesn't help me as these two seem to be the only commands to build the pki for server and client:

Code: Select all

build-client-full <filename_base>
build-server-full <filename_base>
Am I missunderstanding something?


Edit:
The README.quickstart.md in the easyrsa folder says:
Changing private key passphrases
--------------------------------

RSA and EC private keys can be re-encrypted so a new passphrase can be supplied
with one of the following commands depending on the key type:

./easyrsa set-rsa-pass EntityName
./easyrsa set-ec-pass EntityName

Optionally, the passphrase can be removed completely with the 'nopass' flag.
Consult the command help for details.
Is that the way I can get over the issue, that I have to type in the password when starting the OpenVPN server?

Edit 2:
Got rid of the passwort prompt on server startup by:

Code: Select all

./easyrsa set-rsa-pass server nopass
./easyrsa gen-crl
Also got it to work via WAN and LAN.

Edit 3:
Well, I am able to connect my smartphone to the OpenVPN server via LAN and WAN but I am not able to access the internet or other devices in the network. I read, this issue might be caused if the IP subnet at home is the same as the one the client is connected to. But as my subnet at home is 192.168.10.X I guess that's not the point.

Can someone have a look at my server.conf and client.conf, if I have done something wrong here?

Code: Select all

dev tun
proto udp
port PORT
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server.crt
key /etc/openvpn/easy-rsa/pki/private/server.key
dh /etc/openvpn/easy-rsa/pki/dh.pem
topology subnet
server 10.8.0.0 255.255.255.0
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "block-outside-dns"
push "redirect-gateway def1"
client-to-client
keepalive 10 120
remote-cert-tls client
tls-version-min 1.2
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
cipher AES-256-CBC
max-clients 2
persist-key
persist-tun
status openvpn-status.log
verb 3

Code: Select all

client
dev tun
proto udp
remote DynDNSAddress PORT
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
tls-version-min 1.2
cipher AES-256-CBC
verb 3
redirect-gateway def1

<ca>
-----BEGIN CERTIFICATE-----
abcdefghijklmnopqrstuvwxyz
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
abcdefghijklmnopqrstuvwxyz
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
abcdefghijklmnopqrstuvwxyz
-----END ENCRYPTED PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
abcdefghijklmnopqrstuvwxyz
-----END OpenVPN Static key V1-----
</tls-crypt>

Post Reply