I'm very new to this, but willing to learn. I installed Openwrt a few days ago, and I wanted to install an Open vpn server on my router. (Archer C6 EU) I did exactly as in the user guide documentation, with openvpn-openssl and openvpn-easy-rsa. It seemed to go well, but I cannot connect to the server in the router. I get the message "cipher is not set". I also tried to install the luci-app-openvpn, I thought maybe I can fix something from there, but I have no additional space for it. I googled for the cipher not set error, but found nothing.
Without your log files and configuration files, it will be impossible for us to help.
Side note: you will find that Wireguard is both easier to configure and higher performance than OpenVPN. Therefore, you may want to consider that instead.
Thanks a lot. As far as I googled, wireguard is used for navigating through a vpn encrypted tunnel. I'm not interested in that. I just want to access from anywhere my home network, but RD protocol is very unsafe. With the original TP-Link firmware a set up a vpn server, generated a certificate and with that I was able to access my home router with Openvpn, and from there I established a secure connection through RDesktop to my home computers without exposing the 3389 port publicly. Can I also do that with wireguard?
Yes, Wireguard is a VPN, just like OpenVPN. But it is more modern, faster, and easier to configure.
I use it myself to access my own network remotely as well as the networks at my dad's house and my in-law's, too.
Modern is very much how you look at it. If it is unmodern then TLS1.3 is unmodern and TLS1.3 is so new that internet hasn’t even fully implemented TLS1.3 yet.
Wireguard is ~20 years younger than OpenVPN. But, regardless of the age, Wireguard is most certainly more performant on embedded devices.
I am usually more interested in crypto security.
Fair enough, and important, of course. Possibly the most important thing.
AFAIK, core Wireguard has not had any 'surprises' yet regarding security issues. However, there were some issues related to a specific (or maybe multiple) implementation(s) (IIRC, it may have been pfsense or another router OS that released an implementation that was then found to have major issues).
As we know, the "yet" is likely a key point -- it seems secure so far, but someone somewhere will find a vulnerability at some point in the future.
Rode that pony too back in March.
Took a bite into WireGuard and don't look back in sadness.. WireGuard is the future.
If your commercial provider had it, here is where you should spend your OpenWrt efforts.
Otherwise you're looking at:
- New router
- This router and making your own image
- Back to stock and/or desktop OpenVPN
It's too early for me for that. I installed wireguard on the router, and now i'm watching tutorials about how to connect to it