OpenVPN Support Forum

Dear All,

I am strugguling with finding out how to get an "autoconfiguration" for me Dreambox DM800SEV2.

What I mean by autoconfiguration are the severeal quiestions which apear only ONCE after installing an openvpn on the system.

like this :
-------------------------------------------------------------------------------------------------------------------------
You are about to be asked to enter information that will be incorporatedinto your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [CA]:WA
Locality Name (eg, city) [SanFrancisco]:Seattle
Organization Name (eg, company) [Fort-Funston]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address [me@myhost.mydomain]:


..... etc etc
-------------------------------------------------------------------------------------------------------------------------

Is there any telnet command which resets the system totally so that after unistalling and then installing again openvpn I ll be asked to follow the "autoconfiguration" ?

The only method which I know is re-flashing early saved image, but it is not handy....

any help would be appritiated

which image are you using? pli?sif?nabilo?

Michael.

maikcat wrote:which image are you using? pli?sif?nabilo?

I am using OpenPLi.

do you intend to use your dm as server or client?

basically you should configure openvpn somewhere else and simply drop there
your certs, you dont need to configure openvpn via any autoconfig scripts...

if you insist to use pli's autoconfig script then you have to contact their forum
since such a script is NOT openvpn's one but pli's itself.

Michael.

Thank you for your quick answer Micheal!

maikcat wrote:do you intend to use your dm as server or client?

- I would like to run it as a server. (multi client server).

I'd like to connect 1TB harddrive to my Dreambox and have access to it from any location.

maikcat wrote:basically you should configure openvpn somewhere else and simply drop there

u mean just install openvpn on windows and copy all files to Dreambox ?

// Roland

u mean just install openvpn on windows and copy all files to Dreambox ?

not the binaries themselves,

create your CA on a windows/linux pc , create your server config (its only a text file)
then copy the necesary certs to your dm and your config then start openvpn on your dm.

Michael.

ps: which cam do you use?

so I need to copy only those 3 files:
ca.crt
key
server.conf

to /etc/openvpn is that correct ?

I am not sure why I didn't get any sample configuration files from opkg installer.
Do u have any good instruction how to install opevpn on Draembox ? Step by step?
Also would like to know if I need a Domain Controller for openvpn?

maikcat wrote: which cam do you use?

-CCcam 2.3

so I need to copy only those 3 files:
ca.crt
key
server.conf

if you want to use TLS you will need + 3 files as well (dh.pem,server.crt/key)
search the forum for examples please.

Do u have any good instruction how to install opevpn on Draembox ? Step by step?

on dm no since this is usually the image work as there are not official distros

Also would like to know if I need a Domain Controller for openvpn?

need? no, but you can use one if you want,it all depends from what you want to do...

cccam is nice..and its web interface too

Michael.

Well Thanks Again Micheal.

Did as u said. Made all certificates and keys in windows 7 and put in Dreambox.
Unfortunatelly I get some errors during making of certificates and during starting the server both on windows and on dreambox.
I ve read about those errors, but couldn't find and working solution.

First one: By every certificate i get an error

build-ca.bat: can't open config file: /etc/ssl/openssl.cnf

according to this post: topic11070.html i can just ignore it.

build-dh.bat same error

build-key-server.bat same error

build-key user same error

build-dh.bat same error

Already tried to do all keys and certificates 2 times. Keys are looking good. Files aren't curropt.


Second problem is starting open with server.ovpn (windows7 x86 and windows 8.1x64 ) and server.conf (Dreambox):


WINDOWS :
---------------------------------------------------------------------------------
Wed Mar 25 17:42:08 2015 OpenVPN 2.3.6 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Mar 19 2015
Wed Mar 25 17:42:08 2015 library versions: OpenSSL 1.0.1m 19 Mar 2015, LZO 2.08
Enter Management Password:
Wed Mar 25 17:42:08 2015 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Wed Mar 25 17:42:08 2015 Need hold release from management interface, waiting...
Wed Mar 25 17:42:08 2015 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Wed Mar 25 17:42:08 2015 MANAGEMENT: CMD 'state on'
Wed Mar 25 17:42:08 2015 MANAGEMENT: CMD 'log all on'
Wed Mar 25 17:42:08 2015 MANAGEMENT: CMD 'hold off'
Wed Mar 25 17:42:08 2015 MANAGEMENT: CMD 'hold release'
Wed Mar 25 17:42:08 2015 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Wed Mar 25 17:42:09 2015 Diffie-Hellman initialized with 1024 bit key
Wed Mar 25 17:42:09 2015 MANAGEMENT: Client disconnected
Wed Mar 25 17:42:09 2015 Cannot load certificate file DREAMBOX.csr: error:0906D06C:PEM routines:PEM_read_bio:no start line: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
Wed Mar 25 17:42:09 2015 Exiting due to fatal error
----------------------------------------------------------------------------------------




Dreambox
----------------------------------------------------------------------------------------
root@DM800SEV2:~# openvpn --config /etc/openvpn/server.conf
Wed Mar 25 18:03:28 2015 OpenVPN 2.3.2 mipsel-oe-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Feb 15 2015
Wed Mar 25 18:03:28 2015 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Wed Mar 25 18:03:28 2015 Diffie-Hellman initialized with 1024 bit key
Wed Mar 25 18:03:28 2015 Cannot load certificate file /etc/openvpn/keys/DREAMBOX.csr: error:0906D06C:PEM routines:PEM_read_bio:no start line: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
Wed Mar 25 18:03:28 2015 Exiting due to fatal error
root@DM800SEV2:~#
----------------------------------------------------------------------------------------


I am sure there is some simple sollution for it , but where ?

If you use Easyrsa3 you should find the openssl.cnf error is fixed:
https://community.openvpn.net/openvpn/wiki/EasyRSA

rolandx wrote:Wed Mar 25 17:42:09 2015 Cannot load certificate file DREAMBOX.csr: error:0906D06C:PEM routines:PEM_read_bio:no start line: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib

DREAMBOX.csr is a certificate signing request not a certificate .. see the link above for full details and download.