OpenVPN with Ubiquiti EdgeRouter / EdgeOS

- Current CA in `/config/auth/demoCA`
- OpenSSL config at `/usr/lib/ssl/openssl.cnf`
Start:

```sh
sudo -i
cd /usr/lib/ssl/misc
```
Increase validity days

- Edit `CA.pl` and increase `DAYS` and `CADAYS`
- Edit `../openssl.cnf` and increase `DAYS`
Generate a root certificate / CA

```sh
./CA.pl -newca
```

Now enter the new CA PEM password at the `Enter PEM pass phrase:` prompt. Don't add any challenge password!

```sh
cp demoCA/cacert.pem /config/auth
cp demoCA/private/cakey.pem /config/auth
```
Generate the server certificate request

```sh
./CA.pl -newreq
```

- PEM password: `test` (will get removed later)
- Common name: `openvpn server cert`

Sign the server certificate request

```sh
./CA.pl -sign
```

Remove the server.key password:

```sh
openssl rsa -in newkey.pem -out newkey-no-pw.pem
rm newkey.pem
mv newcert.pem /config/auth/server.pem
mv newkey-no-pw.pem /config/auth/server.key
```
Generate, sign and move the certificate and key files for the first OpenVPN client

```sh
./CA.pl -newreq
```

- PEM password: `test` (will get removed later)
- Common name, e.g. `client cert varac`

```sh
./CA.pl -sign
```

Remove the client cert password and add read permission for non-root users to be able to scp the files later:

```sh
openssl rsa -in newkey.pem -out newkey-no-pw.pem
chmod 644 newkey-no-pw.pem
rm newkey.pem newreq.pem
mv newcert.pem /config/auth/client1.pem
mv newkey-no-pw.pem /config/auth/client1.key
```

Repeat with other clients.
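The same CA, server and client steps, as an added example that is not part of these notes: it uses the plain `openssl` CLI instead of the interactive `CA.pl` wrapper, so every prompt above (PEM pass phrase, common name, the temporary `test` key password) becomes an explicit argument, and it ends with the check worth running before anything is copied into `/config/auth`. The scratch directory `OUT_DIR`, the pass phrases, the validity periods and the `extendedKeyUsage` extension (so OpenVPN's `remote-cert-tls` can tell server and client certificates apart) are assumptions added here, not something the notes specify.

```shell
#!/bin/sh
# Added example (not from the notes): CA, server cert and client cert with the
# openssl CLI, no CA.pl. OUT_DIR, CN strings, pass phrases and day counts are
# assumptions for a scratch run; on the router the notes copy results into
# /config/auth.
set -eu

OUT_DIR="${OUT_DIR:-$(mktemp -d)}"
CA_DAYS=3650     # the notes raise CADAYS but give no number; 10 years assumed
CERT_DAYS=1825   # likewise for DAYS; 5 years assumed

# make_ca <ca-passphrase>: self-signed CA with a pass-phrase protected key
# (the "Enter PEM pass phrase" step of CA.pl -newca).
make_ca() {
  openssl req -new -x509 -newkey rsa:2048 -days "$CA_DAYS" \
    -passout "pass:$1" -subj "/CN=OpenVPN CA (example)" \
    -keyout "$OUT_DIR/cakey.pem" -out "$OUT_DIR/cacert.pem" 2>/dev/null
  chmod 600 "$OUT_DIR/cakey.pem"
}

# issue_cert <name> <common-name> <ca-passphrase> <server|client>:
# request, sign with the CA, then strip the temporary key password "test"
# exactly as the notes do so OpenVPN can load the key unattended.
issue_cert() {
  name=$1; cn=$2; ca_pass=$3; role=$4
  req="$OUT_DIR/$name.req.pem"; tmpkey="$OUT_DIR/$name.tmpkey.pem"
  ext="$OUT_DIR/$name.ext"
  openssl req -new -newkey rsa:2048 -passout pass:test -subj "/CN=$cn" \
    -keyout "$tmpkey" -out "$req" 2>/dev/null
  case $role in
    server) printf 'extendedKeyUsage = serverAuth\n' > "$ext" ;;
    client) printf 'extendedKeyUsage = clientAuth\n' > "$ext" ;;
    *) echo "role must be server or client" >&2; return 1 ;;
  esac
  openssl x509 -req -in "$req" -CA "$OUT_DIR/cacert.pem" \
    -CAkey "$OUT_DIR/cakey.pem" -passin "pass:$ca_pass" -CAcreateserial \
    -days "$CERT_DAYS" -extfile "$ext" -out "$OUT_DIR/$name.pem" 2>/dev/null
  openssl rsa -in "$tmpkey" -passin pass:test -out "$OUT_DIR/$name.key" 2>/dev/null
  # The notes use 644 so a non-root user can scp the key; tighten it again
  # once it has been copied off the router.
  chmod 600 "$OUT_DIR/$name.key"
  rm -f "$req" "$tmpkey" "$ext"
}

# verify_chain <name>: 0 when the certificate chains to the CA and the
# password-free key really is the key the certificate was issued for.
verify_chain() {
  openssl verify -CAfile "$OUT_DIR/cacert.pem" "$OUT_DIR/$1.pem" >/dev/null 2>&1 || return 1
  cert_pub=$(openssl x509 -noout -pubkey -in "$OUT_DIR/$1.pem")
  key_pub=$(openssl pkey -pubout -in "$OUT_DIR/$1.key")
  [ "$cert_pub" = "$key_pub" ]
}

# cert_role <name>: prints "server" or "client" from the certificate's EKU.
cert_role() {
  if openssl x509 -noout -text -in "$OUT_DIR/$1.pem" | grep -q 'TLS Web Server Authentication'; then
    echo server
  elif openssl x509 -noout -text -in "$OUT_DIR/$1.pem" | grep -q 'TLS Web Client Authentication'; then
    echo client
  else
    echo unknown; return 1
  fi
}

CA_PASS="${CA_PASS:-example-ca-pass}"   # constructed value for the scratch run
make_ca "$CA_PASS"
issue_cert server  "openvpn server cert" "$CA_PASS" server
issue_cert client1 "client cert varac"   "$CA_PASS" client
for n in server client1; do
  if verify_chain "$n"; then
    echo "$n: chain and key OK ($(cert_role "$n") certificate) in $OUT_DIR"
  else
    echo "$n: verification FAILED" >&2; exit 1
  fi
done
```

Run it as `OUT_DIR=/tmp/pki sh build-pki.sh` (file name assumed); `server.pem`/`server.key` and `client1.pem`/`client1.key` then correspond to the files the notes move into `/config/auth`. Keep `cakey.pem` pass-phrase protected and off the router if you can: only `cacert.pem` is needed by OpenVPN to validate peers, and the CA key is what lets anyone mint further client certificates.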
Restart OpenVPN

Increase or decrease the log level, which restarts the OpenVPN process:

```sh
configure
set interfaces openvpn vtun0 openvpn-option '--verb 7'
commit ; save
```

This will not re-read the config, but restarts all client connections:

```sh
reset openvpn interface vtun0
```

which is the same as

```sh
kill -USR1 $(cat /var/run/openvpn-vtun0.pid)
```