Importing my .ovpn file into my DDWRT router. Having issues on matching up parameters
I just setup ovpn on my ubuntu server and I generated a .ovpn file as seen below. It works on my desktop using the openVPN client using the file. Now I want to import this into my DDWRT router, but I have to manually pick the parameters as seen below.
I'm stuck as to what I need to put in the DDWRT setting according to my .ovpn file.
As for the tls-cipher, I can't find the setting in DDWRT for TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256. I'm not sure what to pick or do I need to change this on my server side?
Also what do I pick for LZO compression?
And I'm not sure if my keys are going to the correct place as seen below.
What else could I be missing here?
client
proto udp
remote xxxx 10111
dev tun
sndbuf 393216
rcvbuf 393216
push "sndbuf 393216"
push "rcvbuf 393216"
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_IzA1QdFzHLRFfEoQ name
auth SHA256
auth-nocache
cipher AES-128-CBC
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
<ca>
-----BEGIN CERTIFICATE-----
MIIBwTCCAWegAwIBAgIJAPTWURaFGpO8MAoGCCqGSM49BAMCMB4xHDAaBgNVBAMM
...
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIIBzjCCAXWgAwIBAgIQPwmzIhO7HLkB/Ab7kWjbmjAKBggqhkjOPQQDAjAeMRww
....
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgIVRqxim4yAGyUect
....
-----END PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
72efdfa2e6181538f162076a62dc0330
...
-----END OpenVPN Static key V1-----
</tls-crypt>
openvpn dd-wrt
add a comment |
I just setup ovpn on my ubuntu server and I generated a .ovpn file as seen below. It works on my desktop using the openVPN client using the file. Now I want to import this into my DDWRT router, but I have to manually pick the parameters as seen below.
I'm stuck as to what I need to put in the DDWRT setting according to my .ovpn file.
As for the tls-cipher, I can't find the setting in DDWRT for TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256. I'm not sure what to pick or do I need to change this on my server side?
Also what do I pick for LZO compression?
And I'm not sure if my keys are going to the correct place as seen below.
What else could I be missing here?
client
proto udp
remote xxxx 10111
dev tun
sndbuf 393216
rcvbuf 393216
push "sndbuf 393216"
push "rcvbuf 393216"
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_IzA1QdFzHLRFfEoQ name
auth SHA256
auth-nocache
cipher AES-128-CBC
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
<ca>
-----BEGIN CERTIFICATE-----
MIIBwTCCAWegAwIBAgIJAPTWURaFGpO8MAoGCCqGSM49BAMCMB4xHDAaBgNVBAMM
...
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIIBzjCCAXWgAwIBAgIQPwmzIhO7HLkB/Ab7kWjbmjAKBggqhkjOPQQDAjAeMRww
....
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgIVRqxim4yAGyUect
....
-----END PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
72efdfa2e6181538f162076a62dc0330
...
-----END OpenVPN Static key V1-----
</tls-crypt>
openvpn dd-wrt
add a comment |
I just setup ovpn on my ubuntu server and I generated a .ovpn file as seen below. It works on my desktop using the openVPN client using the file. Now I want to import this into my DDWRT router, but I have to manually pick the parameters as seen below.
I'm stuck as to what I need to put in the DDWRT setting according to my .ovpn file.
As for the tls-cipher, I can't find the setting in DDWRT for TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256. I'm not sure what to pick or do I need to change this on my server side?
Also what do I pick for LZO compression?
And I'm not sure if my keys are going to the correct place as seen below.
What else could I be missing here?
client
proto udp
remote xxxx 10111
dev tun
sndbuf 393216
rcvbuf 393216
push "sndbuf 393216"
push "rcvbuf 393216"
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_IzA1QdFzHLRFfEoQ name
auth SHA256
auth-nocache
cipher AES-128-CBC
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
<ca>
-----BEGIN CERTIFICATE-----
MIIBwTCCAWegAwIBAgIJAPTWURaFGpO8MAoGCCqGSM49BAMCMB4xHDAaBgNVBAMM
...
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIIBzjCCAXWgAwIBAgIQPwmzIhO7HLkB/Ab7kWjbmjAKBggqhkjOPQQDAjAeMRww
....
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgIVRqxim4yAGyUect
....
-----END PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
72efdfa2e6181538f162076a62dc0330
...
-----END OpenVPN Static key V1-----
</tls-crypt>
openvpn dd-wrt
I just setup ovpn on my ubuntu server and I generated a .ovpn file as seen below. It works on my desktop using the openVPN client using the file. Now I want to import this into my DDWRT router, but I have to manually pick the parameters as seen below.
I'm stuck as to what I need to put in the DDWRT setting according to my .ovpn file.
As for the tls-cipher, I can't find the setting in DDWRT for TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256. I'm not sure what to pick or do I need to change this on my server side?
Also what do I pick for LZO compression?
And I'm not sure if my keys are going to the correct place as seen below.
What else could I be missing here?
client
proto udp
remote xxxx 10111
dev tun
sndbuf 393216
rcvbuf 393216
push "sndbuf 393216"
push "rcvbuf 393216"
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_IzA1QdFzHLRFfEoQ name
auth SHA256
auth-nocache
cipher AES-128-CBC
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
<ca>
-----BEGIN CERTIFICATE-----
MIIBwTCCAWegAwIBAgIJAPTWURaFGpO8MAoGCCqGSM49BAMCMB4xHDAaBgNVBAMM
...
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIIBzjCCAXWgAwIBAgIQPwmzIhO7HLkB/Ab7kWjbmjAKBggqhkjOPQQDAjAeMRww
....
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgIVRqxim4yAGyUect
....
-----END PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
72efdfa2e6181538f162076a62dc0330
...
-----END OpenVPN Static key V1-----
</tls-crypt>
openvpn dd-wrt
openvpn dd-wrt
asked Jan 8 at 16:05
Patoshi パトシPatoshi パトシ
7851923
7851923
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
I commented out alot of the options in the ovpn file as seen below. I even turned off the tls-ciphers so I didn't have to deal with it in the advanced options in the openvpn setting in DDWRT. I then made sure it works on my desktop client.
Also I did a test by going into the DDWRT router via telnet. And copied the .ovpn file and ran the openvpn myconf.ovpn command, which verifies that its working:
From there I copied the entire .ovpn file into the advanced options > additional config input box.
It wasn't working at first, but I enabled NAT and it started working!!!!
It should look like this on the status page:
client
proto udp
remote xxx.xxx 10111
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_IzA1QdFzHLRFfEoQ name
tun-mtu 1500
auth SHA256
auth-nocache
#cipher AES-128-GCM
#cipher AES-128-CBC
#tls-client
#tls-version-min 1.2
#tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
#tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
#tls-cipher TLS-DHE-RSA-WITH-AES-128-CBC-SHA
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
<ca>
-----BEGIN CERTIFICATE-----
MIIBwTCCAWegAwIBAgIJAPTWURaFGpO8MAoGCCqGSM49BAMCMB4xHDAaBgNVBAMM
E......lVFCu0XPwgppkhW2bNblbfbUOBMi
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIIBzjCCAXWgAwIBAgIQPwmzIhO7HLkB/Ab7kWjbmjAKBggqhkjOPQQDAjAeMRww
......iAaZmAMfTcLtsMjw4OO+0J7/m8Aqefo46VPZW4bkabMtA==
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgIVRqxim4yAGyUect
....+Uy+t8Sej1lieG/D3cBVoFkSu2sUvP0FLmFL0eV56VceQKTtk1wtM0N
-----END PRIVATE KEY-----
</key>
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1391928%2fimporting-my-ovpn-file-into-my-ddwrt-router-having-issues-on-matching-up-param%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
I commented out alot of the options in the ovpn file as seen below. I even turned off the tls-ciphers so I didn't have to deal with it in the advanced options in the openvpn setting in DDWRT. I then made sure it works on my desktop client.
Also I did a test by going into the DDWRT router via telnet. And copied the .ovpn file and ran the openvpn myconf.ovpn command, which verifies that its working:
From there I copied the entire .ovpn file into the advanced options > additional config input box.
It wasn't working at first, but I enabled NAT and it started working!!!!
It should look like this on the status page:
client
proto udp
remote xxx.xxx 10111
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_IzA1QdFzHLRFfEoQ name
tun-mtu 1500
auth SHA256
auth-nocache
#cipher AES-128-GCM
#cipher AES-128-CBC
#tls-client
#tls-version-min 1.2
#tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
#tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
#tls-cipher TLS-DHE-RSA-WITH-AES-128-CBC-SHA
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
<ca>
-----BEGIN CERTIFICATE-----
MIIBwTCCAWegAwIBAgIJAPTWURaFGpO8MAoGCCqGSM49BAMCMB4xHDAaBgNVBAMM
E......lVFCu0XPwgppkhW2bNblbfbUOBMi
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIIBzjCCAXWgAwIBAgIQPwmzIhO7HLkB/Ab7kWjbmjAKBggqhkjOPQQDAjAeMRww
......iAaZmAMfTcLtsMjw4OO+0J7/m8Aqefo46VPZW4bkabMtA==
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgIVRqxim4yAGyUect
....+Uy+t8Sej1lieG/D3cBVoFkSu2sUvP0FLmFL0eV56VceQKTtk1wtM0N
-----END PRIVATE KEY-----
</key>
add a comment |
I commented out alot of the options in the ovpn file as seen below. I even turned off the tls-ciphers so I didn't have to deal with it in the advanced options in the openvpn setting in DDWRT. I then made sure it works on my desktop client.
Also I did a test by going into the DDWRT router via telnet. And copied the .ovpn file and ran the openvpn myconf.ovpn command, which verifies that its working:
From there I copied the entire .ovpn file into the advanced options > additional config input box.
It wasn't working at first, but I enabled NAT and it started working!!!!
It should look like this on the status page:
client
proto udp
remote xxx.xxx 10111
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_IzA1QdFzHLRFfEoQ name
tun-mtu 1500
auth SHA256
auth-nocache
#cipher AES-128-GCM
#cipher AES-128-CBC
#tls-client
#tls-version-min 1.2
#tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
#tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
#tls-cipher TLS-DHE-RSA-WITH-AES-128-CBC-SHA
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
<ca>
-----BEGIN CERTIFICATE-----
MIIBwTCCAWegAwIBAgIJAPTWURaFGpO8MAoGCCqGSM49BAMCMB4xHDAaBgNVBAMM
E......lVFCu0XPwgppkhW2bNblbfbUOBMi
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIIBzjCCAXWgAwIBAgIQPwmzIhO7HLkB/Ab7kWjbmjAKBggqhkjOPQQDAjAeMRww
......iAaZmAMfTcLtsMjw4OO+0J7/m8Aqefo46VPZW4bkabMtA==
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgIVRqxim4yAGyUect
....+Uy+t8Sej1lieG/D3cBVoFkSu2sUvP0FLmFL0eV56VceQKTtk1wtM0N
-----END PRIVATE KEY-----
</key>
add a comment |
I commented out alot of the options in the ovpn file as seen below. I even turned off the tls-ciphers so I didn't have to deal with it in the advanced options in the openvpn setting in DDWRT. I then made sure it works on my desktop client.
Also I did a test by going into the DDWRT router via telnet. And copied the .ovpn file and ran the openvpn myconf.ovpn command, which verifies that its working:
From there I copied the entire .ovpn file into the advanced options > additional config input box.
It wasn't working at first, but I enabled NAT and it started working!!!!
It should look like this on the status page:
client
proto udp
remote xxx.xxx 10111
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_IzA1QdFzHLRFfEoQ name
tun-mtu 1500
auth SHA256
auth-nocache
#cipher AES-128-GCM
#cipher AES-128-CBC
#tls-client
#tls-version-min 1.2
#tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
#tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
#tls-cipher TLS-DHE-RSA-WITH-AES-128-CBC-SHA
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
<ca>
-----BEGIN CERTIFICATE-----
MIIBwTCCAWegAwIBAgIJAPTWURaFGpO8MAoGCCqGSM49BAMCMB4xHDAaBgNVBAMM
E......lVFCu0XPwgppkhW2bNblbfbUOBMi
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIIBzjCCAXWgAwIBAgIQPwmzIhO7HLkB/Ab7kWjbmjAKBggqhkjOPQQDAjAeMRww
......iAaZmAMfTcLtsMjw4OO+0J7/m8Aqefo46VPZW4bkabMtA==
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgIVRqxim4yAGyUect
....+Uy+t8Sej1lieG/D3cBVoFkSu2sUvP0FLmFL0eV56VceQKTtk1wtM0N
-----END PRIVATE KEY-----
</key>
I commented out alot of the options in the ovpn file as seen below. I even turned off the tls-ciphers so I didn't have to deal with it in the advanced options in the openvpn setting in DDWRT. I then made sure it works on my desktop client.
Also I did a test by going into the DDWRT router via telnet. And copied the .ovpn file and ran the openvpn myconf.ovpn command, which verifies that its working:
From there I copied the entire .ovpn file into the advanced options > additional config input box.
It wasn't working at first, but I enabled NAT and it started working!!!!
It should look like this on the status page:
client
proto udp
remote xxx.xxx 10111
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_IzA1QdFzHLRFfEoQ name
tun-mtu 1500
auth SHA256
auth-nocache
#cipher AES-128-GCM
#cipher AES-128-CBC
#tls-client
#tls-version-min 1.2
#tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
#tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
#tls-cipher TLS-DHE-RSA-WITH-AES-128-CBC-SHA
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
<ca>
-----BEGIN CERTIFICATE-----
MIIBwTCCAWegAwIBAgIJAPTWURaFGpO8MAoGCCqGSM49BAMCMB4xHDAaBgNVBAMM
E......lVFCu0XPwgppkhW2bNblbfbUOBMi
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIIBzjCCAXWgAwIBAgIQPwmzIhO7HLkB/Ab7kWjbmjAKBggqhkjOPQQDAjAeMRww
......iAaZmAMfTcLtsMjw4OO+0J7/m8Aqefo46VPZW4bkabMtA==
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgIVRqxim4yAGyUect
....+Uy+t8Sej1lieG/D3cBVoFkSu2sUvP0FLmFL0eV56VceQKTtk1wtM0N
-----END PRIVATE KEY-----
</key>
answered Jan 11 at 5:15
Patoshi パトシPatoshi パトシ
7851923
7851923
add a comment |
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1391928%2fimporting-my-ovpn-file-into-my-ddwrt-router-having-issues-on-matching-up-param%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown