OpenVPN configuration

Hi!

I am new to Lede,
and now I would like to configure a VPN connection.

Goal: I want to connect to my router from outside my network with OpenVPN.
For my work I am abroad a lot. I used to have a Fritzbox, and then I used FritzVPN to make a VPN tunnel.

But now I have a new provider, and I installed a router and flashed LEDE on it.

I tried to follow this:
https://wiki.openwrt.org/doc/howto/vpn.openvpn

But I got stuck...

Then I found "openvpn-easy-rsa" in the LuCI interface of LEDE.
I don't know... should I use this?

Is there somewhere a tutorial for 'noobs' like me?
I really could use a step by step guide to get my openVPN running.

Thanks a lot!!

Thomas

I made it work with this
https://wiki.openwrt.org/doc/howto/openvpn-streamlined-server-setup?rev=1476474996

I use the old version because the latest does not use Easy-RSA - I have no luck with the latest wiki page due to an openssl error.

The only place where I did not follow them is:
Allow VPN Tunnel Utilization <---- this is a duplicate and makes things not work. You don't need that 2-line uci add, because it has already been included in the firewall config file.

While the tutorials walk one through making the keys on the router, there are Easy-RSA tools to make keys on the PC, which is so much easier. Then just upload the files.

I agree. It takes ages on a slow router to gen the DH key. On a newer router like my WRT1900ACS, it is much faster, not to mention on a PC.

A fair chunk of the time is just getting enough randomness in the router; a busy
router will actually generate keys faster than a newly booted slow router.

David Lang

If it helps: this is my config file:

config openvpn 'private'

    option enabled '1'
    option client '1'

    option remote 'private.dom'
    option port '1197'

    option proto 'udp'
    option dev 'tap0'
    option tun_mtu '1500'
    option tun_mtu_extra '32'
    option ca '/etc/openvpn/ca.crt'
    option cert '/etc/openvpn/client.crt'
    option key '/etc/openvpn/client.key'
    #option tls_crypt '/etc/openvpn/ta.key'    //doesn't work on LEDE, bugged for several weeks already
    option tls_auth '/etc/openvpn/ta.key 1'
    option remote_cert_tls 'server'
    option verify_x509_name 'SERVER name'
    option tls_version_min '1.2'
    option tls_cipher 'TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384'
    option cipher 'AES-256-GCM'
    option auth 'SHA384'
    option comp_lzo 'no'
    option persist_key '1'
    option persist_tun '1'
    option nobind '1'
    option float '1'
    option resolv_retry 'infinite'
    option status '/etc/openvpn/status 5'
    option log '/etc/openvpn/log'
    option verb '3'

And if you're really a total noob, I suggest you read the wiki at OpenWrt. Everything you need is there.
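
Added example, not part of the thread and not anyone's posted code: a POSIX sh check that a UCI openvpn config keeps the hardening options the client config above sets (server certificate checks, a control-channel key, TLS 1.2 minimum, AES-GCM, no compression). The helper names `uci_opt` and `audit_openvpn` and the weak sample config are assumptions made up for the illustration.

```sh
# Added example: audit a UCI openvpn config for the hardening options used
# in the posted client config. Helper names and the sample are constructed.

# Print the value of an active (uncommented) "option NAME 'VALUE'" line.
uci_opt() {  # $1 = config file, $2 = option name
    awk -v want="$2" -v q="'" '
        $1 == "option" && $2 == want {
            line = $0
            sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]+/, "", line)  # drop "option NAME"
            sub(/[ \t]+$/, "", line)
            gsub("^" q "|" q "$", "", line)                    # strip the quotes
            print line; exit
        }' "$1"
}

# Print one WARN line per finding; the return status is the number of findings.
audit_openvpn() {  # $1 = config file
    f=$1; n=0
    warn() { echo "WARN: $*"; n=$((n + 1)); }
    [ "$(uci_opt "$f" remote_cert_tls)" = server ] ||
        warn "remote_cert_tls is not 'server'"
    [ -n "$(uci_opt "$f" verify_x509_name)" ] ||
        warn "verify_x509_name unset: server certificate name is not pinned"
    [ -n "$(uci_opt "$f" tls_auth)$(uci_opt "$f" tls_crypt)" ] ||
        warn "no active tls_auth or tls_crypt key for the control channel"
    case "$(uci_opt "$f" tls_version_min)" in 1.2*|1.3*) ;;
        *) warn "tls_version_min is unset or below 1.2" ;; esac
    case "$(uci_opt "$f" cipher)" in AES-*-GCM) ;;
        *) warn "cipher is not an AES-GCM mode" ;; esac
    case "$(uci_opt "$f" comp_lzo)" in ""|no) ;;
        *) warn "comp_lzo is enabled" ;; esac
    return "$n"
}

sample=$(mktemp)   # constructed weak config, not from the thread
cat > "$sample" <<'EOF'
config openvpn 'private'
    #option tls_crypt '/etc/openvpn/ta.key'
    option remote_cert_tls 'server'
    option tls_version_min '1.0'
    option cipher 'BF-CBC'
    option comp_lzo 'yes'
EOF
audit_openvpn "$sample" || echo "$? finding(s) in sample"
```

On the router, point `audit_openvpn` at `/etc/config/openvpn`; a commented-out line such as the `#option tls_crypt` above counts as unset.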