

daveraver

Member Since 13 Dec 2015
Offline Last Active 31 Jan 2024 17:53

#1280369 OpenPLi Release Candidate 8.0 available.

Posted by daveraver on 2 December 2020 - 17:10

Hi, installed on zero 4k after 3 tries because of connection difficulties to feeds.

very happy and proud of openpli team and the development of kodi 18.9 leia, here a zero 4k.

cheers


#650397 Build a Server VPN with openvpn - create certificate files - configure client...

Posted by daveraver on 14 January 2017 - 11:55

Don't forget to create a wiki page where users can update there: https://wiki.openpli.org/OpenVPN-Setup

Ok, thank you, I've finished the wiki page right now, if somebody wants to edit it to do better design...cheers!




#650244 Build a Server VPN with openvpn - create certificate files - configure client...

Posted by daveraver on 14 January 2017 - 01:42

I want to share my experience creating a vpn server on openpli 4.0.

 

First of all, install openvpn

opkg install openvpn

Next, we will create files ca.crt, server.crt, server.key, same files for clients, client.crt, client.key, following this link (I've been guided to the link by littlesat, thanks):

https://community.openvpn.net/openvpn/wiki/Easy_Windows_Guide

I saw, doing openvpn --help on the box command line, that all files have to have the .pem extension. Let's convert the files:

 

Follow this guide:

https://blog.didiers...ssl-on-windows/

until you finish these last three steps:

set RANDFILE=c:\demo\.rnd
set OPENSSL_CONF=C:\OpenSSL-Win32\bin\openssl.cfg
c:\OpenSSL-Win32\bin\openssl.exe

Now, in this mode, you can convert the .crt and .key files to .pem for the server files, to put on the STB at /etc/openvpn/

OpenSSL> x509 -in filename.crt -inform DER -out filename.crt.pem -outform PEM
OpenSSL> rsa -in filename.key -out filename.key.pem -outform PEM

For the ca.cert file, we have to open the certificate in Windows and select details tab > copy file > convert to binary DER x509, then select the destination folder to save it.

 

Then we convert the ca.cer file to .pem file:

OpenSSL> x509 -inform DER -in ca.cer -outform PEM -out ca.pem

All these conversions to the .pem extension are based on the openvpn --help binary information of our installation of openvpn on our STB; maybe it's not necessary.

 

dh2048.pem has to be located in the openvpn config directory too, /etc/openvpn

 

I add two extra .pem files to the directory, 01.pem and 02.pem; they were generated during the files creation and they contain key info. I don't know if there is duplication of information.

 

Let's put the server config file parameters in /etc/openvpn/server.conf

# local network IP
local 192.168.xxx.xxx
# for example
server 10.8.0.0 255.255.255.0
tls-server
proto udp
# sample port
port 443
dev tun
ca ca.pem
dh dh2048.pem
cert server.crt.pem
key server.key.pem
extra-certs 01.pem
extra-certs 02.pem
ifconfig-pool-persist ipp.txt
comp-lzo
float
ping-timer-rem
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
verb 3
keepalive 10 120

Client profile *.ovpn (tested on android openvpn app).

client
dev tun
proto udp
# sample port
remote 'hostname(NOIP) or Public IP' 443
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ca /file_path/ca.crt
cert /file_path/client.crt
key /file_path/client.key
ns-cert-type server
cipher bf-cbc
comp-lzo
verb 3
mute 20

The port we are going to use for the VPN connection has to be opened, of course, and you can forward it to a different external port, as you know.

 

Happy VPN connection.
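
Added example, not part of the original post and not OpenVPN's own tooling: a small Python audit of a profile like the client one above, flagging settings that later OpenVPN releases deprecate or discourage (the 64-bit-block bf-cbc cipher, comp-lzo compression, the deprecated ns-cert-type, and the absence of a tls-auth/tls-crypt key). The host name vpn.example.net, the sample profile and the function names are assumptions made for the illustration.

```python
# Added example: audit an OpenVPN profile for weak or deprecated directives.
WEAK_CIPHERS = {"bf-cbc", "des-cbc", "des-ede3-cbc", "cast5-cbc", "rc2-cbc"}

SAMPLE_CLIENT = """\
client
dev tun
proto udp
remote vpn.example.net 443   # constructed host name
nobind
ca /file_path/ca.crt
cert /file_path/client.crt
key /file_path/client.key
ns-cert-type server
cipher bf-cbc
comp-lzo
verb 3
"""

def parse(text):
    """Yield (line_no, directive, args) for each non-comment config line."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(";"):
            continue
        tokens = line.split()
        yield no, tokens[0].lower(), tokens[1:]

def audit(text):
    """Return [(line_no, directive, finding)]; line_no 0 means 'missing'."""
    findings, seen = [], set()
    for no, name, args in parse(text):
        seen.add(name)
        if name == "cipher" and args and args[0].lower() in WEAK_CIPHERS:
            findings.append((no, name, "64-bit block cipher; prefer an AES cipher"))
        elif name == "comp-lzo" and args[:1] != ["no"]:
            findings.append((no, name, "compression before encryption can leak plaintext"))
        elif name == "ns-cert-type":
            findings.append((no, name, "deprecated; use 'remote-cert-tls server'"))
    if "client" in seen and not seen & {"remote-cert-tls", "ns-cert-type", "verify-x509-name"}:
        findings.append((0, "remote-cert-tls", "server certificate type is not checked"))
    if not seen & {"tls-auth", "tls-crypt"}:
        findings.append((0, "tls-auth", "no shared key protecting the TLS control channel"))
    return findings

if __name__ == "__main__":
    for no, name, msg in audit(SAMPLE_CLIENT):
        print(f"line {no or '-'}: {name}: {msg}")
```

The same function can be run over the server.conf; tls-crypt requires OpenVPN 2.4 or later, so on an older build the tls-auth form is the one to add.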