Creating Cert & Key Files?


Scott

Aug 19, 2016, 2:23:07 PM
to tunnelblick-discuss
I am setting up my own home OpenVPN server on a DD-WRT router that I would like to access from overseas from my iPhone and MacBook when on wifi.

DD WRT router is all configured and ready to accept openVPN files.

I have created a DDNS account with freedns.afraid.org that points a URL to my router and configured that in DD WRT. This seems to be updating okay. I read that this was required for openVPN server on DD WRT router, but I'm not sure where or how to apply this yet.

I have installed Tunnelblick on my macbook, and openVPN on my iPhone.

I have researched and understand (I think) the router needs me to paste in text from 4 files:
- ca.crt
- server cert file
- server key file
- pem file

I have researched and understand (I think) that an OpenVPN client connection needs 3 files:
- ca.crt (same file as server)
- client cert file
- client key file

So I'm trying to create the files, but I don't really understand the relationship between the .ovpn file and the text files. After my OpenVPN server gets configured with text files, the iPhone seems to need to import a .ovpn file. Tunnelblick on my MacBook also seems to need just one .ovpn file, which gets dropped on the Tunnelblick icon in my status bar.

When I read through openVPN help, they show step by step how to create the cert and key files, but this is in a Windows environment using 'easy-rsa'. They pointed me to Tunnelblick for OS X environment.

I have read a load on Tunnelblick, including the 'read me first before posting' area, and in particular have combed through the 'setting up and configuration' section, and the 'files contained in the TB configuration'. However, within the Tunnelblick documentation, the only thing I have found, is "Copy all the files related to the configuration(s) into the folder", but I have not found how to create them.

I have tried to follow intuition on start up of Tunnelblick to create the files. Without any configurations present, it offers up a sample config file and sets things up with instructions what to do with the folder, but these instructions also say to add the cert and key files, but I don't know where they are or how to create them. I have read on Tunnelblick docs that the cert and key information is in the configuration files, so I tried changing the name of the sample file and adding it to the TB icon in status bar but it said that it was a sample file, not what it wants.

Questions:
- Is there a tutorial that shows how to create the necessary text files to put into openVPN server and how to create certs and keys using Tunnelblick? Something similar to what openVPN did for Windows users?
- Is .ovpn config file sort of a master file with all keys and certs inside? It seems like DD WRT needs the actual text files dropped in, but Tunnelblick and iPhone app can draw them out of the .ovpn file only.
- Do I need to use URL through DDNS like I set up, and where does this get configured?
- Is there a tutorial on what changes need to be made to the sample config.ovpn file for a new setup?

Thank you for any help, and thank you for helping out Mac users!


Tunnelblick developer

Aug 19, 2016, 3:10:34 PM
to tunnelblick-discuss, scott...@gmail.com
Yes, you create all the files, since you are acting as your own VPN service provider.

Tunnelblick is just a GUI for OpenVPN, so most of your questions are not really Tunnelblick questions, they are really OpenVPN questions, but I'll try to give you some answers and pointers.


On Friday, August 19, 2016 at 2:23:07 PM UTC-4, Scott wrote:
Questions:
- Is there a tutorial that shows how to create the necessary text files to put into openVPN server and how to create certs and keys using Tunnelblick? Something similar to what openVPN did for Windows users?

That set of instructions is NOT for Windows only; it tells you how to use "easy-rsa" to create the key and cert files, and "easy-rsa" is included in Tunnelblick. To get a Terminal window with easy-rsa all set up for you, click on the Tunnelblick icon in the menu bar, click on "VPN Details", and click the large "Utilities" button at the top of the window. Then click on "Open easy-rsa in Terminal". You need to be comfortable using the command line to use easy-rsa, but the instructions are very good.

 
- Is .ovpn config file sort of a master file with all keys and certs inside? It seems like DD WRT needs the actual text files dropped in, but Tunnelblick and iPhone app can draw them out of the .ovpn file only.

The .ovpn file contains the options you want to use when running OpenVPN. It can either include the keys/certs ("inline"), or it can give the paths for files containing the keys/certs. Tunnelblick can use keys/certs in separate files or imbedded in the .ovpn file.


- Do I need to use URL through DDNS like I set up, and where does this get configured?
 
To access the VPN server (your DD-WRT router) from the Internet, it must have a public IP address, and your .ovpn configuration file must have a "remote" option that includes either that address (e.g., 1.2.3.4) or a name that resolves to that address (e.g. "scott.dyndns.com").

In a typical home situation, your router will have a public IP address that changes periodically, so you need to set up DDNS so you can use a name in the .ovpn config file and have it resolve to your router's public IP address even when it changes. (If you have a stable public IP address for your router, which is rare, then you could just use that IP address in the "remote" option.)

To set up DDNS, you would create an account with a DDNS provider (such as dyn.com) and then enter your account credentials somewhere in the DD-WRT setup.


- Is there a tutorial on what changes need to be made to the sample config.ovpn file for a new setup?

There are lots of them, but, again, that is an OpenVPN question, not a Tunnelblick question. OpenVPN is an extremely powerful and complex tool, with several hundred options (!). It is extremely difficult to set up your own server from scratch. Take a look at OpenVPN on DD-WRT. There is a tutorial, too.

Good luck!

PS: Once you have all the files (or a single .ovpn file with imbedded keys/certs), drag the .ovpn file to the Tunnelblick icon in the menu bar to install the configuration. If it refers to separate key/cert files, they will be used to create the Tunnelblick VPN Configuration. You can archive the files afterwards because Tunnelblick copies them into a secure place (and modifies them) in the process of setting up the Tunnelblick VPN Configuration.
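
The reply above distinguishes a .ovpn file that points at separate key/cert files from one with the keys/certs inline. As an added example (not from the thread, Tunnelblick or OpenVPN), this shell function assembles the inline form from the three client files; the function names and the `dev`/`proto` values are assumptions, and those values must match the server's settings.

```shell
#!/bin/sh
# Added example: build one client .ovpn with the CA cert, client cert and
# client key embedded inline, from the separate files easy-rsa produces.
# Usage: build_inline_ovpn HOST PORT CA_FILE CERT_FILE KEY_FILE OUT_FILE

# Print only the PEM block(s) of a file, dropping any human-readable text
# dump that some tools write before the "-----BEGIN" line.
pem_only() {
    sed -n '/^-----BEGIN /,/^-----END /p' "$1"
}

build_inline_ovpn() {
    [ "$#" -eq 6 ] || { echo "expected 6 arguments" >&2; return 2; }
    host=$1; port=$2; ca=$3; cert=$4; key=$5; out=$6
    for f in "$ca" "$cert" "$key"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 1; }
        grep -q '^-----BEGIN ' "$f" || { echo "$f is not PEM" >&2; return 1; }
    done
    # The key slot must hold a private key, not a second certificate.
    grep -q 'PRIVATE KEY-----' "$key" ||
        { echo "$key contains no private key" >&2; return 1; }
    # The output embeds the private key, so a newly created file is made
    # readable by its owner only (an existing file keeps its old mode).
    ( umask 077
      {
        # dev/proto are assumed values; they must match the server.
        cat <<EOF
client
dev tun
proto udp
remote $host $port
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verb 3
EOF
        echo "<ca>";   pem_only "$ca";   echo "</ca>"
        echo "<cert>"; pem_only "$cert"; echo "</cert>"
        echo "<key>";  pem_only "$key";  echo "</key>"
      } > "$out" )
}
```

The resulting file carries the client's private key, so it needs the same handling as the `.key` file itself.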
