OpenVPN on Ubiquiti EdgeRouter
commands
restart OpenVPN | reset openvpn interface |
---|
set up CA and generate certificates
easier with easy-rsa!
https://blog.laslabs.com/2013/06/configure-openvpn-with-x-509-ubiquiti-edgerouter-lite/
sudo su cd /usr/lib/ssl/misc/ ./CA.sh -newca ./CA.sh -newreq ./CA.sh -sign cp demoCA/cacert.pem demoCA/private/cakey.pem /config/auth/ mv newcert.pem /config/auth/host.pem mv newkey.pem /config/auth/host.key openssl dhparam -out /config/auth/dhp.pem -2 1024 ./CA.sh -newreq ./CA.sh -sign mv newcert.pem client1.pem mv newkey.pem client1.key scp client1.* /config/auth/cacert.pem $CLIENT_USER@$CLIENT_IP:/etc/ssl/certs openssl rsa -in client1.key -out client1_nopass.key
configure interface
interfaces { openvpn vtun0 { mode server openvpn-option "--push route 192.168.69.0 255.255.255.0" openvpn-option "--push route 192.168.68.0 255.255.255.0" server { subnet 192.168.70.0/24 } tls { ca-cert-file /config/auth/cacert.pem cert-file /config/auth/host.pem dh-file /config/auth/dhp.pem key-file /config/auth/host.key } } } firewall name WAN_LOCAL rule 1 { action accept description OpenVPN destination { port 1194 } log disable protocol udp }