====== OpenVPN on Ubiquiti EdgeRouter ======
==== commands ====
^ restart OpenVPN | ''reset openvpn interface'' |
===== set up CA and generate certificates =====
**easier with easy-rsa!**
https://blog.laslabs.com/2013/06/configure-openvpn-with-x-509-ubiquiti-edgerouter-lite/
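# Run as root. CA.sh is interactive: it prompts for passphrases and subject fields.
sudo su
cd /usr/lib/ssl/misc/
# Create the CA under ./demoCA, then request and sign the router's (server) certificate.
./CA.sh -newca
./CA.sh -newreq
./CA.sh -sign
# NOTE(review): this also stores the CA private key (cakey.pem) on the router.
# The vtun0 tls block on this page only references cacert.pem. Anyone who can read
# cakey.pem can issue certificates the server will accept, so consider keeping
# the CA key on a separate, offline machine instead.
cp demoCA/cacert.pem demoCA/private/cakey.pem /config/auth/
mv newcert.pem /config/auth/host.pem
mv newkey.pem /config/auth/host.key
# Private keys should be readable by root only.
chmod 600 /config/auth/cakey.pem /config/auth/host.key
# Use 2048-bit DH parameters: 1024-bit groups are considered breakable by
# precomputation (Logjam). Generation takes noticeably longer on small routers.
openssl dhparam -out /config/auth/dhp.pem -2 2048
# Request and sign a certificate for the first client.
./CA.sh -newreq
./CA.sh -sign
mv newcert.pem client1.pem
mv newkey.pem client1.key
chmod 600 client1.key
# NOTE(review): client1.* includes the client's private key, and /etc/ssl/certs is
# typically a world-readable directory. Move client1.key to a private location
# (mode 600) on the client after the copy.
scp client1.* /config/auth/cacert.pem "${CLIENT_USER}@${CLIENT_IP}:/etc/ssl/certs"
# Writes an unencrypted copy of the client key (for clients that must start
# unattended). It is created after the scp above, so that command does not transfer it.
# Treat this file like a password and delete it from the router once it is delivered.
openssl rsa -in client1.key -out client1_nopass.key
chmod 600 client1_nopass.key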
===== configure interface =====
/* OpenVPN server on vtun0, authenticated with the X.509 files placed in /config/auth. */
interfaces {
openvpn vtun0 {
mode server
/* Routes pushed to every connecting client: traffic for these two /24 networks is sent through the tunnel. */
openvpn-option "--push route 192.168.69.0 255.255.255.0"
openvpn-option "--push route 192.168.68.0 255.255.255.0"
server {
/* Address range used for the tunnel endpoints. */
subnet 192.168.70.0/24
}
/* NOTE(review): no tls-auth/tls-crypt key and no cipher option appear in this block, so a valid client certificate is the only access control shown here. Confirm that is intended. */
tls {
ca-cert-file /config/auth/cacert.pem
cert-file /config/auth/host.pem
dh-file /config/auth/dhp.pem
key-file /config/auth/host.key
}
}
}
/* Accept inbound OpenVPN traffic (UDP port 1194) in the WAN_LOCAL ruleset; presumably that ruleset covers WAN traffic addressed to the router itself. Verify against the interface's firewall assignment. */
/* NOTE(review): the rule has no source restriction and logging is disabled, so connection attempts to the VPN port leave no firewall log entries. */
firewall name WAN_LOCAL rule 1 {
action accept
description OpenVPN
destination {
port 1194
}
log disable
protocol udp
}