Hello,
My goal is to access my router from anywhere, both to reach files on the server and to use the internet through my router (i.e. use the local connection only to establish the tunnel).
I followed this guide: https://wiki.openwrt.org/doc/howto/openvpn-streamlined-server-setup#tab__config. The resulting PKCS#12 file containing the private key (my-server.p12 in my OpenVPN config file) was created with a non-encrypted private key; I checked that.
However, upon start of the vpn I get this error:
neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Private Key Password:
I found a couple of hints that this may be due to an encrypted server private key, which does not apply to my case.
Any help would be appreciated. Here is the openvpn configuration file I used:
# OpenWrt UCI section defining one OpenVPN server instance named 'VPNserver':
# a routed (tun) TLS server on UDP port 5000 that hands clients addresses from
# 192.168.10.0/28 and pushes a route to the 192.168.1.0/24 LAN.
config openvpn 'VPNserver'
option enabled 1
# Protocol #
#------------------------------------------------
# NOTE(review): 'dev' is set twice; presumably only one value takes effect
# (likely the later 'tun0') - confirm and keep a single line.
option dev 'tun'
option dev 'tun0'
option topology 'subnet'
option proto 'udp'
option port 5000
# Routes #
#------------------------------------------------
# Tunnel subnet: 255.255.255.240 is a /28, i.e. 14 usable addresses including the server's .1.
option server '192.168.10.0 255.255.255.240'
option ifconfig '192.168.10.1 255.255.255.240'
# Client Config #
#------------------------------------------------
# option ccd_exclusive 1
# option ifconfig_pool_persist '/etc/openvpn/clients/ipp.txt'
# option client_config_dir '/etc/openvpn/clients/'
# Pushed Routes #
#------------------------------------------------
# NOTE(review): only a route to 192.168.1.0/24 is pushed; no 'redirect-gateway'
# is pushed here, so other client traffic presumably stays off the tunnel -
# confirm against the intended use of the VPN.
list push 'route 192.168.1.0 255.255.255.0'
list push 'dhcp-option DNS 192.168.1.1'
list push 'dhcp-option WINS 192.168.1.1'
list push 'dhcp-option DNS 208.67.222.123'
list push 'dhcp-option DNS 208.67.220.123'
list push 'dhcp-option NTP 129.6.15.30'
# Encryption #
#------------------------------------------------
# Diffie-Hellman:
option dh '/etc/ssl/openvpn/dh4096.pem'
# PKCS12:
# NOTE(review): the 'Enter Private Key Password' prompt is raised while loading
# this file. A PKCS#12 container has its own export password, separate from any
# passphrase on the key inside it; OpenVPN presumably prompts when the container
# does not open with an empty password - verify how my-server.p12 was exported.
# The file holds the server's private key: keep it readable by root only.
option pkcs12 '/etc/ssl/openvpn/my-server.p12'
# SSL:
# Data channel: AES-256-CBC with HMAC-SHA512. AEAD ciphers (AES-256-GCM) exist
# from OpenVPN 2.4 on - check the versions in use before changing this.
option cipher AES-256-CBC
option auth 'SHA512'
# Pre-shared HMAC key for control-channel packets; the trailing 0 is the key
# direction on this side, so clients are expected to use direction 1.
option tls_auth '/etc/ssl/openvpn/tls-auth.key 0'
# TLS:
option tls_server 1
option tls_version_min 1.2
# NOTE(review): the TLS-ECDH-RSA-* entry is static ECDH and gives no forward
# secrecy, unlike the ECDHE/DHE suites listed before it - consider dropping it.
option tls_cipher 'TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384:!LOW:!EXP:!SRP:!kRSA' # deleted some unavailable ciphers
# Logging #
#------------------------------------------------
# Both files live under /tmp; verb 4 is fairly verbose and the status file lists
# connected clients, so check who can read them on the router.
option log_append '/tmp/openvpn.log'
option status '/tmp/openvpn-status.log'
option verb 4
# Connection Options #
#------------------------------------------------
option keepalive '10 120'
# NOTE(review): compression inside a VPN tunnel is exposed to compression-oracle
# attacks (VORACLE) and OpenVPN upstream advises against enabling it; the setting
# has to match on the clients, so change both sides together.
option comp_lzo 'yes'
# Connection Reliability #
#------------------------------------------------
# client_to_client forwards traffic between VPN clients inside OpenVPN itself,
# so that traffic does not pass through the router's firewall rules.
option client_to_client 1
# persist_key/persist_tun avoid re-reading the key and re-opening the tun device
# on restart, which would fail after privileges are dropped to 'nobody' below.
option persist_key 1
option persist_tun 1
# Connection Speed #
#------------------------------------------------
# NOTE(review): tun_mtu 48000 with fragment and mssfix disabled is far above the
# usual default; presumably the clients must use the same values - confirm.
option sndbuf 393216
option rcvbuf 393216
option fragment 0
option mssfix 0
option tun_mtu 48000
# Pushed Buffers #
#------------------------------------------------
list push 'sndbuf 393216'
list push 'rcvbuf 393216'
# Permissions #
#------------------------------------------------
# Drop root privileges after initialisation to limit the impact of a compromise.
option user 'nobody'
option group 'nogroup'
# chroot #
#------------------------------------------------
# chroot should be utilized in case the VPN is ever exploited; however, most commercial
# routers don't have internal flash storage large enough to support it. An OpenVPN
# chroot would be ~11MB in size.
# Modify if chroot is configured #
#--------------------------------------------
# NOTE(review): the commented-out chroot variant below names dh2048.pem and
# vpn-server.p12, while the active options above use dh4096.pem and
# my-server.p12 - align the file names before enabling it.
# option ccd_exclusive 1
# option ifconfig_pool_persist /var/chroot-openvpn/etc/openvpn/clients/ipp.txt
# option client_config_dir /var/chroot-openvpn/etc/openvpn/clients
# option cipher AES-256-CBC
# option dh /var/chroot-openvpn/etc/ssl/openvpn/dh2048.pem
# option pkcs12 /var/chroot-openvpn/etc/ssl/openvpn/vpn-server.p12
# option tls_auth '/var/chroot-openvpn/etc/ssl/openvpn/tls-auth.key 0'
Thanks,
Osc