I've followed this guide to the letter, but it leaves me unable to route traffic.
The newer guide posted here omits the various warnings (e.g. not using port 1194), but I am unsure if it would result in a usable configuration.
Is it possible to use a Linux VM instead and upload the generated certificates, ca, etc?
Using the configuration generated by the older guide results in newer versions of OpenVPN complaining that the cipher used is too weak and to regenerate the certificates.
Does the version of easyrsa included with OpenWRT nightlies still suffer from this bug (producing insecure certificates)?
I'm using head revision r11266.
Which frontend is better for Mac users: MacGPG or GnuPG?
The first guide is on web archive, so it doesn’t surprise me it’s outdated. The second is on the current wiki.
With security, at some point, you should take the time to understand why decisions are made and make ones that match your own needs. As an example, use of a non-standard port is “security through obscurity”, which many believe adds no additional security, mainly just complexity.
macOS includes OpenSSL tooling. GPG is probably available through “brew” (Homebrew) or the other package managers. It is not needed to set up OpenVPN.
Sidenote: sometimes this is not really avoidable. If, say, you want to reach multiple internal hosts via SSH from the WAN side, using port 22 for all is going to be "interesting"*, but in general I agree with @jeff: changing ports will at best rid you of the very low-key attack attempts only (those that restrict themselves to canonical port numbers).
Check the file permissions with ls -l and, if needed, chmod +w.
Make sure you still have at least 192 kB free on your overlay.
If not, some prayer and a reflash is in order.
On the side note, I now use the jump-host feature of OpenSSH to access multiple hosts. Configuring it in ssh_config (as I recall) makes it transparent on the remote’s command line.