OpenVPN Support Forum

Hello,

Newbie with CAs, server certs, client keys, etc.

My situation - I have a Microhard Bullet 9 LTE modem that I can only import OpenVPN CAs, server certs, etc. From what I have read on the forum it is best to create the CA and server cert on the device that will be the server - in this case my Microhard. Does anyone have any suggestions on how I can best go about this or provide a link to a similar post? I have installed EasyRSA 3.0 - not sure how to tell if my microhard will be compatible with certs/keys generated by 3.0 or if I should use 2.0?

Any help is greatly appreciated.

Thanks,
MrTrent

More on my question....Here is a summary of configuration screen:

VPN Setup
OpenVPN Mode Server
Device Type TUN
Topology NET30
Tunnel Protocol UDP
Port 1194

Server Virtual Subnet / Netmask 10.8.0.0 / 255.255.255.0

Authentication:

Root Certificate ca.crt

Public Server Certificate server.crt

Private Server Key server.key

Passphrase for Private Server Key •••••

Certificate Revocation List N/A

User/Password Authentication
Client Cert is Required
User Name List testuser

Miscellaneous:
Diffie hellman parameter DH2048
TLS Auth Key [ta.key]
Data Channel Cipher AES-256-CBC
Duplicate Common Name No
Client Isolation Yes

Use Compression Disable

And these are the errors I get:

Error in Public Server Certificate: Public Server Certificate is not exist/uploaded
Error in Private Server Key: Private Server Key is not exist/uploaded
Error in Client Certificate Client Certificate: Certificate error
Error in Client Certificate Client Key: key error

Not sure why I am getting Client Errors when setting up a server

Any feedback would be greatly appreciated.

Thanks
Mrtrent

All the files which are created by EasyRSA are universally compatible. You do not need to generate them on your device and probably should not, due to a lack of entropy.

Thanks for the reply.

It appears that I generated my CA, server certificate and key successfully using easyRSA (no errors anyway) and imported them to the microhard modem. Is there a way to check if I completed the first step (or what I assume is the first step) correctly? ie is there a way to discern that my issue is with the Microhard modem or with how I generated the certs and keys?

Just learning here and I appreciate any feedback.

mrtrent

I don't know anything about your device ..

If you get openvpn to start then read your openvpn log file.

I use a netgear 2440 box with pfsense for another openVPN instance, but the PFsense software handles the server and client certificate management. I can export an openvpn config file for my client computer and it works fine.
The device I am using now:

http://www.microhardcorp.com/BulletCAT9.php

Just lets me import certificates and keys.

Using windows 10 unfortunately as my client computer but no other option.

Thanks
mrtrent

Please start here:
viewtopic.php?f=30&t=22603

Thanks for the help

My pleasure.

If all else fails then you can contact me for private support.

Got the issue solved.

As always, user error.

Thanks TinCanTech for the thoughts and links

hello @alquiler

A need to understand hwo configure OPEN VPN in Mricrohard modem CAT4-gl, can you help me. necesito asociar los certificados generados por firewall palo alto en el microhard, si bien veo que tiene un formato .