So, I'm following the guide for setting up a VPN server but it's not exactly great on detail.
Like for step one on the firewall, it's telling me to edit the config on the firewall. I can do that but... Where is it located? SSH? Or am I able to see it on the GUI page?
That's the main issue it doesn't tell me where anything is located.
Are you sure you've checked the links at the top of that article, above the Introduction section?
No, but now that I have I know the location of the firewall config.
Although I still don't know where they are on step one. Capture|690x278 I don't see a commented out spot in the firewall config that says "# Configure firewall" unless I have to add it. But if I do it doesn't say where. I would assume at the bottom of the config.!
Those are uci commands for the router CLI shell. Cut the whole block to your PC clipboard then paste it into an open ssh session. The commands will then execute line by line on the router. (A line that starts with # doesn't do anything). Each one changes one little part of the configuration, by altering or adding lines to /etc/config/firewall. Running UCI is an alternative to editing /etc/config/firewall directly.
As @stangri said read those background pages especially the first one. You don't necessarily need to know uci to paste in a recipe, but some understanding of the CLI will be essential here.
@mk24 Thank you! Was just making sure, the # made me think it was something commented out in a script.
Technically it is a very simple script-- since it's just a linear sequence of instructions you don't need to save it in a file before executing it.
Am I able to generate the key on my desktop and transfer it over? Or am I gonna have to torture test my router?
You can generate your certificates on a desktop but make sure the key usage is set to "https server" for the server and "https client" on the clients. In other words don't make the certificates too permissive.
The OpenVPN basic/client how-tos rely on the properly generated certificates.
That's why it is recommended to utilize EasyRSA to generate keys and certificates correctly especially for inexperienced users.
You can run EasyRSA on your PC if you want, just make sure the PKI directory is in the right place.
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.