|Hostname|OpenWrt|
|---|---|
|Model|Linksys WRT3200ACM|
|Firmware Version|OpenWrt SNAPSHOT r6755-d089a5d / LuCI Master (git-18.113.52925-0c30ee0)|

I set up an OpenVPN server on LEDE, running on a WRT 3200ACM using the instructions at: https://wiki.openwrt.org/doc/howto/vpn.openvpn
I used the "OpenSSL" commands sections, and pasted these into bash scripts then ran them. This got me a working VPN that I could connect to from outside my LAN, usually from an Android phone over 4G.
The SSL certificate that it created had an expiry date of 30 days, not really quite sure why.
I tried logging into the router and running this script again. One of the commands seems to fail, and clients can't connect to the VPN server. Upon checking, my-client.crt seems to be a 0 bytes file, so it's empty. The command which is failing is:
```
openssl ca -batch -keyfile "ca.key" -cert "ca.crt" -in "my-server.csr" -out "my-server.crt" -config /etc/openvpn/ssl/openssl.cnf -extensions my-server
```
This fails with:
```
Using configuration from /etc/openvpn/ssl/openssl.cnf
Check that the request matches the signature
Signature ok
ERROR:There is already a certificate for /CN=my-server
The matching entry has the following details
Type :Valid
Expires on :280421111903Z
Serial Number :1000
File name :unknown
Subject Name :/CN=my-serve
```
Any ideas how to delete this certificate, and more importantly create it with a longer expiry time? Ideally I'd like to make the certificate valid for thousands of days, so that it's never a concern.
I'm aware that by following these instructions, I have set up a VPN which is not using the most secure encryption.
I tried to do this using the easy-rsa scripts and pkitool. Various instructions tell me that I need to use pkitool commands. Even after installing openvpn-easy-rsa I can't find any pkitool command.
I'd be happy to reset the router back to factory defaults and start the VPN configuration again, but all of the instructions for using easy-rsa seem to be a bit out of date. Most of them reference commands which don't work.
Does anyone have a link to the most recent guide for getting an OpenVPN server up and running, which is up to date and actually working?
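
The "There is already a certificate" error above comes from the `openssl ca` database (`index.txt`), which still lists the first certificate as valid. The script below is an added example, not part of the original post: it reproduces the error and then re-issues with an explicit `-days`. It assumes a throwaway directory, a constructed CA named `demo-ca` and a constructed minimal `openssl.cnf`, not the router's real files.

```shell
#!/bin/sh
# Added example. Everything lives in a throwaway temp directory; the CA name
# "demo-ca" and the config below are constructed, not the router's real files.
resign_demo() (
    work=$(mktemp -d) && cd "$work" || exit 1
    trap 'rm -rf "$work"' EXIT
    mkdir newcerts && : > index.txt && echo 1000 > serial
    cat > openssl.cnf <<'EOF'
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = ./index.txt
new_certs_dir = ./newcerts
serial = ./serial
default_md = sha256
default_days = 30
policy = policy_any
unique_subject = yes
[ policy_any ]
commonName = supplied
[ req ]
distinguished_name = req_dn
[ req_dn ]
EOF
    q() { "$@" >/dev/null 2>&1; }       # run a command quietly
    sign() {
        q openssl ca -batch -keyfile ca.key -cert ca.crt -in my-server.csr \
            -out my-server.crt -config openssl.cnf "$@"
    }
    q openssl req -batch -new -x509 -nodes -newkey rsa:2048 -days 3650 \
        -subj "/CN=demo-ca" -keyout ca.key -out ca.crt -config openssl.cnf || exit 1
    q openssl req -batch -new -nodes -newkey rsa:2048 -subj "/CN=my-server" \
        -keyout my-server.key -out my-server.csr -config openssl.cnf || exit 1
    sign || exit 1                      # first issue: serial 1000, 30 days
    # Re-running the same signing step hits the index.txt entry and fails.
    if sign -days 3650; then dup=accepted; else dup=rejected; fi
    # Mark the old entry revoked in index.txt, then sign again with -days.
    q openssl ca -config openssl.cnf -keyfile ca.key -cert ca.crt \
        -revoke newcerts/1000.pem || exit 1
    sign -days 3650 || exit 1
    # -checkend succeeds only if the cert is still valid that many seconds ahead.
    if q openssl x509 -in my-server.crt -noout -checkend $((3000 * 86400))
    then long=yes; else long=no; fi
    echo "duplicate=$dup valid_3000_days=$long"
)
resign_demo
```

Setting `unique_subject = no` in the CA section is the other standard way past the duplicate check; revoking keeps the database an accurate record of which certificate is current.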