From inside the network I tested my VPN by using one of my virtual WLANs, which is on a different subnet (Guest Network). I already had firewall rules in place to prevent the guest network accessing the private network, so the VPN and its route pushing were tested to see if I could access the private network via VPN while being on the guest subnet.
However, you will need to know how your VPN behaves from the outside, and you can test in a variety of locations:
a) Work
b) A friend's house
c) Public place with Wi-Fi hotspot
With the serious tweaking performed on the OpenVPN dd-wrt GUI over the past year, it is now a snap to get OpenVPN up and running, and it is very stable as well!
Does this mean that there is no need to generate certificates for each DHCP client?
No, you always need to generate certificates for every single client.
Is there a guide for noobs you can point me to showing how to generate these certificates without having to know Linux command language?
Something easier to follow than the wiki.
Would this "Using XCA to configure the OpenVPN PKI part", as an alternative to OpenVPN's easy-rsa, be the easier choice?
This should get you started. Outlines how to generate the certificates on Windows (easy-rsa) or on a Linux-based distro.
I used easy-rsa and it worked fine. I have never used the XCA method, but I know some users prefer it and it seems to work fine. It's really down to personal preference how you generate the keys and certificates.
I am not sure what I am screwing up, other than that I am fairly new to dd-wrt in the first place, much less trying to make an OpenVPN server work. Where can I go to recruit some guided help on TeamViewer to set up OpenVPN on my E3000 flashed with DD-WRT v24-sp2 (06/14/11) big?
I ask again, do you know where I can recruit some paid help over TeamViewer to set up an OpenVPN server on dd-wrt? I have PM'd a couple of moderators and I am awaiting any response. Too many man-hours burnt already, welcome to open source.
I think everyone misses the part where you choose which type of configuration you are trying to set up, VPN Server or VPN Client.
I think RedAlert's excellent easy config guide / example is for setting your router as an OpenVPN Server. However, IT ASSUMES that you have all your required certificate files already on hand.
An easy analogy is that people can show you how to use and configure Facebook or Twitter all day, but if you don't go through the process of registering with Facebook and Twitter and get your username and password to access their site, all the Facebook and Twitter guides and instructions in the world will be of no use to you because you will be stuck at the front door of the site.
What I am trying to say is that DD-WRT has come a long way with the Web GUI configuration for OpenVPN (client and server), but if you don't have what you need to configure your client or server (e.g. certificate, key and config files), all you are looking at is a nice Web GUI with no real functionality.
I often got lost/disoriented when reading posts, because the persons posting assumed that because they knew what type of configuration they were referring to, so did everyone else that was reading their post.
If you are an experienced user, you can pick up which type of config they are referring to by the context of their postings; however, if you are a noob, it can get VERY confusing to follow and you could end up screwing up your config if you follow a guide that is for SERVER when you are trying to set up a CLIENT, or the other way around.
So figure out which config you are trying to set up.
A. OPENVPN CLIENT CONFIG:
You are trying to set up your router as an OpenVPN CLIENT that will establish a connection with an OpenVPN Server.
If this is your case you will need the following from your VPN Provider (paid or otherwise):
1) CA Certificate (typically a file called: ca.crt)
2) Client Certificate (typically a file called: client.crt)
3) Client Key (typically a file called: client.key)
4) Client Configuration file containing the VPN Provider's recommended settings to establish a tunnel with them (typically a file called: client.conf)
5) Optional TLS Authentication Key (typically a file called: ta.key)
B. OPENVPN SERVER CONFIG:
You are trying to set up your router to be an OpenVPN SERVER that will be accepting connections from clients (routers, mobile devices, Linux, Mac or PCs).
YOU WILL need to generate your client certificate file (client.crt) and key file (client.key) so that you can provide them to your clients in similar fashion to what was outlined under option A above.
Now, YOU WILL ALSO need to generate the following certificates for YOUR OpenVPN SERVER:
1) Certificate Authority Certificate (ca.crt)
2) Public Server Certificate (server.crt)
3) Private Server Key (server.key)
4)Diffie-Hellman Encrypted Authentication Parameters file (dh1024.pem), you can also generate a larger file called (dh2048.pem). Please read up on this because the larger file will affect performance. For more information see http://www.ietf.org/rfc/rfc2631.txt
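As an added example (not part of the post above and not DD-WRT or OpenVPN code), this Python sketch reads an OpenVPN config, reports whether it is a client or server config and whether it uses certificate or username/password authentication, and lists the referenced credential files you do not yet have. The function names `parse_directives` and `audit` are illustrative, and the sample configs are constructed.

```python
import shlex
# Directives that point at credential files (the files listed in the post above).
FILE_DIRECTIVES = ("ca", "cert", "key", "dh", "tls-auth", "auth-user-pass")

def parse_directives(config_text):
    """Return {directive: [args]} for an OpenVPN config, skipping comments."""
    found, inline = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if inline:                                  # inside <ca> ... </ca>
            if line == "</" + inline + ">":
                inline = None
            continue
        if not line or line[0] in "#;":
            continue
        if line.startswith("<") and line.endswith(">"):
            inline = line[1:-1]                     # material embedded in config
            found[inline] = ["[inline]"]
            continue
        parts = shlex.split(line, comments=True)
        if parts:
            found[parts[0]] = parts[1:]
    return found

def audit(config_text, files_on_hand):
    """Report role, authentication style and referenced files not on hand."""
    d = parse_directives(config_text)
    referenced = [d[n][0] for n in FILE_DIRECTIVES
                  if d.get(n) and d[n][0] != "[inline]"]
    return {"role": "client" if ("client" in d or "remote" in d) else "server",
            "cert_auth": "cert" in d and "key" in d,
            "login_auth": "auth-user-pass" in d,
            "missing": sorted(f for f in referenced if f not in files_on_hand)}

# Constructed samples: only the "ca arethusa-ca.crt" and "auth-user-pass"
# lines appear in the thread; host and port are placeholders.
LOGIN_CLIENT = """client
remote vpn.example.net 1194
ca arethusa-ca.crt
auth-user-pass
"""
CERT_CLIENT = """client
remote vpn.example.net 1194
ca ca.crt
cert client.crt
key client.key
tls-auth ta.key 1
"""
print(audit(LOGIN_CLIENT, {"arethusa-ca.crt"}))
```

A config that names only `ca` and `auth-user-pass` references no client certificate or key, whereas a certificate-based config such as `CERT_CLIENT` reports every file from list A that is not in `files_on_hand`.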
I just want to set up my dd-wrt to connect to the arethusa VPN server, but they just sent me a certificate, a config file, and an account and pass, so I think some files are missing ...
Did you follow this set of instructions? It explains what goes where.
This seems like a third option that makes your router a node on a sort of VPN mesh network.
Go to Services -> VPN.
1) Enable OpenVPN Daemon (not client).
2) Choose Start type: Wan up.
3) Open "arethusa-ca.crt" (provided to you by arethusa) with any text editor, select all the text and paste it in "Public Server Cert".
4) In "Private Client Key", enter the username for this tunnel on the first line, and the password on the second line, like this:
username
password
5) Open "arethusa.ovpn" (provided by arethusa) with any text editor, select all the text and paste it in the "OpenVPN Config" section. You can remove all the commented lines to save some space.
6) Then, do the following modifications:
a) Replace the line: "ca arethusa-ca.crt" with:
ca /tmp/openvpn/ca.crt
b) Replace the line: "auth-user-pass" with:
auth-user-pass /tmp/openvpn/key.pem
Click on "Apply Settings". (I guess this creates the ca.crt and key.pem files? It's unclear to me.)
7) Go to Administration -> Commands and enter these 3 lines in "Commands":