OpenVPN on Ubiquiti EdgeRouter
commands
| restart OpenVPN | reset openvpn interface |
|---|---|
set up CA and generate certificates
This is easier with easy-rsa than with the manual CA.sh steps shown below.
https://blog.laslabs.com/2013/06/configure-openvpn-with-x-509-ubiquiti-edgerouter-lite/
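# Interactive transcript: builds a small CA with OpenSSL's CA.sh helper, issues
# a server ("host") certificate and one client certificate, and generates
# Diffie-Hellman parameters for the OpenVPN server on the EdgeRouter.
# CA.sh prompts for passphrases and subject fields at each step.

# Become root; the remaining commands are typed in that root shell.
sudo su
cd /usr/lib/ssl/misc/

# Create the CA (written under ./demoCA), then request and sign the server
# certificate. Each -newreq/-sign pair leaves newkey.pem and newcert.pem here.
./CA.sh -newca
./CA.sh -newreq
./CA.sh -sign

# Install the CA material and the server certificate/key where the interface
# configuration on this page expects them.
# NOTE(review): this also copies the CA private key (cakey.pem) onto the
# router. The OpenVPN configuration on this page references only cacert.pem;
# cakey.pem is needed only to sign further certificates, so keeping it off an
# internet-facing device limits what a router compromise exposes.
cp demoCA/cacert.pem demoCA/private/cakey.pem /config/auth/
mv newcert.pem /config/auth/host.pem
mv newkey.pem /config/auth/host.key
# Private keys should be readable by root only.
chmod 600 /config/auth/cakey.pem /config/auth/host.key

# Diffie-Hellman parameters for the server (generator 2).
# 2048 bits instead of the original 1024: 1024-bit groups are considered
# within reach of precomputation attacks (Logjam). Generation takes
# noticeably longer on router hardware.
openssl dhparam -out /config/auth/dhp.pem -2 2048

# Request and sign the certificate for the first client.
./CA.sh -newreq
./CA.sh -sign
mv newcert.pem client1.pem
mv newkey.pem client1.key

# Copy the client certificate, client key and CA certificate to the client.
# CLIENT_USER and CLIENT_IP must be set beforehand.
# NOTE(review): client1.* includes the client's private key, and
# /etc/ssl/certs is normally world-readable; a root-only directory on the
# client is a safer destination for client1.key.
scp client1.* /config/auth/cacert.pem "${CLIENT_USER}@${CLIENT_IP}:/etc/ssl/certs"

# Write a copy of the client key with the passphrase removed. This runs after
# the scp above, so the unprotected copy stays in this directory unless it is
# transferred separately; treat it like any other plaintext private key.
openssl rsa -in client1.key -out client1_nopass.key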
configure interface
/* OpenVPN server interface vtun0. */
interfaces {
 openvpn vtun0 {
     mode server
     /* Routes pushed to connecting clients: two /24 networks. */
     openvpn-option "--push route 192.168.69.0 255.255.255.0"
     openvpn-option "--push route 192.168.68.0 255.255.255.0"
     server {
         /* Address pool for the tunnel itself. */
         subnet 192.168.70.0/24
     }
     /* Certificate, key and DH files produced by the CA steps on this page. */
     /* NOTE(review): no tls-auth or cipher option is visible in this snippet; confirm the defaults are acceptable. */
     tls {
         ca-cert-file /config/auth/cacert.pem
         cert-file /config/auth/host.pem
         dh-file /config/auth/dhp.pem
         key-file /config/auth/host.key
     }
 }
}
/* Accepts UDP traffic to port 1194 in the WAN_LOCAL ruleset. */
/* NOTE(review): presumably WAN_LOCAL covers traffic from the WAN to the router itself; confirm where it is applied. */
firewall name WAN_LOCAL rule 1 {
 action accept
 description OpenVPN
 destination {
     port 1194
 }
 /* Logging is off for this rule, so the firewall does not record connection attempts to the VPN port. */
 log disable
 protocol udp
}