gaga wrote:
JW0914 wrote:
EDIT
I do understand how that could be confusing to someone who's never set up a VPN server config before, so I've edited the config in the Wiki, removing the extra directories. The edited config:
config openvpn 'VPNserver'
    option enabled '1'

    #--- Protocol ---#
    option dev 'tun'
    option dev 'tun0'
    option topology 'subnet'
    option proto 'udp'
    option port '1194'

    #--- Routes ---#
    option server '10.1.1.0 255.255.255.0'

    #--- Client Config ---#
    # option ccd_exclusive '1'
    # option ifconfig_pool_persist '/etc/openvpn/clients/ipp.txt'
    # option client_config_dir '/etc/openvpn/clients/'
    option ifconfig '10.1.1.1 255.255.255.0'

    #--- Pushed Routes ---#
    list push 'route 192.168.1.0 255.255.255.0'
    list push 'dhcp-option DNS 192.168.1.1'
    list push 'dhcp-option WINS 192.168.1.1'
    list push 'dhcp-option DNS 8.8.8.8'
    list push 'dhcp-option DNS 8.8.4.4'
    list push 'dhcp-option NTP 129.6.15.30'

    #--- Encryption ---#
    option cipher 'AES-256-CBC'
    option dh '/etc/openvpn/keys/dh2048.pem'
    option pkcs12 '/etc/openvpn/keys/my-server.p12'
    option tls_auth '/etc/openvpn/keys/ta.key 0'

    #--- Logging ---#
    option log '/tmp/openvpn.log'
    option status '/tmp/openvpn-status.log'
    option verb '7'

    #--- Connection Options ---#
    option keepalive '10 120'
    option comp_lzo 'yes'

    #--- Connection Reliability ---#
    option client_to_client '1'
    option persist_key '1'
    option persist_tun '1'

    #--- Connection Speed ---#
    option sndbuf '393216'
    option rcvbuf '393216'
    option fragment '0'
    option mssfix '0'
    option tun_mtu '48000'

    #--- Pushed Buffers ---#
    list push 'sndbuf 393216'
    list push 'rcvbuf 393216'

    #--- Permissions ---#
    option user 'nobody'
    option group 'nogroup'
I see, thanks!
The "ta.key" is the "my-server.key"?
What shall I do with the "Permissions"? Leave it as is?
My bad, I left out a step. It's been a while since I created my VPN.
To create the ta.key, run (if I recall right, it's run from within the /etc/openvpn/keys/ directory):
openvpn --genkey --secret ta.key
The my-server.p12 is the VPN Server's certificate you created with build-key-server my-server. I also left out the step to create a p12 for the server, as the above command will generate a my-server.crt and my-server.csr:
cd /etc/config/openvpn/keys
openssl pkcs12 -export -in my-server.crt -inkey my-server.key -certfile ca.crt -name My-Server -out my-server.p12
The wiki will be updated with the correct information in a few minutes.
(Last edited by JW0914 on 8 Jul 2015, 01:47)
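A check that could be run once the ta.key and my-server.p12 steps above are done, added here as an example and not part of the original posts: it reads an OpenVPN UCI config, reports key files that are missing or accessible to group/other, and flags `user` set without `persist_key`. The function name, the finding labels and the temp-dir sample are constructed for illustration; `stat -c` assumes GNU or BusyBox stat.

```sh
#!/bin/sh
# Added example: audit key files named in an OpenVPN UCI config.
# Prints one finding per line; no output means nothing was flagged.
audit_openvpn_keys() {
    conf=$1
    # Active (uncommented) options that name key material. The path is the
    # first word of the quoted value (tls_auth carries a trailing direction).
    awk -v q="'" '$1 == "option" && $2 ~ /^(dh|pkcs12|tls_auth|key)$/ {
        gsub(q, "", $3); print $2, $3 }' "$conf" |
    while read -r opt path; do
        if [ ! -f "$path" ]; then
            echo "MISSING $opt $path"
        elif [ "$opt" != dh ]; then   # DH parameters are public, the rest are secrets
            mode=$(stat -c %a "$path")
            case $mode in
                *00|0) ;;             # no group/other access
                *) echo "LOOSE $opt $path mode=$mode" ;;
            esac
        fi
    done
    # Once OpenVPN has dropped to an unprivileged user it cannot re-read
    # root-only key files on a restart unless persist_key is set.
    if awk '$1 == "option" && $2 == "user" { f = 1 } END { exit !f }' "$conf" &&
       ! awk -v q="'" '$1 == "option" && $2 == "persist_key" { gsub(q, "", $3)
           if ($3 == "1") f = 1 } END { exit !f }' "$conf"; then
        echo "NOPERSIST user is set without persist_key"
    fi
}

# Constructed sample: a temp dir stands in for /etc/openvpn/keys.
demo() {
    d=$(mktemp -d)
    : > "$d/dh2048.pem"; : > "$d/my-server.p12"
    chmod 644 "$d/dh2048.pem" "$d/my-server.p12"
    cat > "$d/openvpn" <<EOF
config openvpn 'VPNserver'
    option dh '$d/dh2048.pem'
    option pkcs12 '$d/my-server.p12'
    option tls_auth '$d/ta.key 0'
    option user 'nobody'
EOF
    audit_openvpn_keys "$d/openvpn"
    rm -rf "$d"
}
demo
```

On the router the function would be pointed at the real config, for example `audit_openvpn_keys /etc/config/openvpn`; a finding on the .p12 or ta.key is cleared with `chmod 600` on that file.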