IVPN setup on AC87U

[mutty]

Hi,

I´m trying to get IVPN to work on my ASUS AC87U. I follow their guidelines for Tomato OpenVPN (https://www.ivpn.net/setup/router-tomato.html).

The problem is their client certificate: It is too large. They include Certificate Data and Signature specifications, in addition the actual certificate. The input area for client certificate in the router config simply does not allow for this much text.

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3 (0x3)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=MT, ST=Malta, L=Malta, O=IVPN.net, CN=IVPN.net CA/emailAddress=support@ivpn.net
        Validity
            Not Before: Jul 24 17:56:34 2010 GMT
            Not After : Jul 21 17:56:34 2020 GMT
        Subject: C=MT, ST=Malta, L=Malta, O=IVPN.net, CN=client1/emailAddress=support@ivpn.net
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:bb:39:af:7f:45:a3:fc:d2:ca:90:4e:70:dd:5e:
                    e5:a4:f5:fc:f1:52:9d:32:3b:6f:a3:90:2f:a9:15:
                    95:4b:70:13:83:1d:69:3a:98:45:f4:31:44:0b:f9:
                    08:94:dd:3f:e5:21:b2:04:eb:e2:3c:36:7c:d9:16:
                    6b:2b:63:bc:4a:b3:de:9a:c8:f1:e3:f4:c3:ee:0a:
                    8f:c0:fc:c1:d4:45:b8:76:f5:9f:ec:05:c0:db:d5:
                    52:41:f0:96:7b:6d:c9:4e:5e:53:02:ac:fe:d2:bd:
                    a2:17:93:09:42:9a:8a:39:bf:e2:a8:1d:47:41:14:
                    f8:3d:02:3f:84:dd:ff:68:2e:9c:8f:4c:f0:14:45:
                    4c:f9:34:b2:44:1c:6d:11:6d:55:c7:08:aa:e2:e5:
                    0c:4b:bb:86:60:99:fb:44:02:f5:4c:53:ee:2b:db:
                    6e:26:17:ed:0a:14:fa:e4:0a:dc:b1:e9:c9:f7:1f:
                    30:32:01:8d:28:e2:fe:a0:37:30:45:e7:94:6f:c1:
                    d7:24:dd:50:81:31:f0:9d:37:49:28:ff:c3:11:0d:
                    61:bd:1c:44:de:bc:4c:19:d3:b6:0b:23:6d:4a:38:
                    34:0f:9e:3f:02:f9:b3:83:bb:e6:f9:21:7d:80:16:
                    99:22:1e:b7:43:b9:b0:05:11:cf:82:a2:a4:9f:cb:
                    64:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                Easy-RSA Generated Certificate
            X509v3 Subject Key Identifier:
                A6:F7:4F:11:A4:79:30:09:8D:8A:10:2D:7B:7A:0E:74:7C:17:12:57
            X509v3 Authority Key Identifier:
                keyid:BC:20:3A:C8:D2:7E:55:47:45:1A:E2:A8:FC:49:C4:41:95:33:F3:BE
                DirName:/C=MT/ST=Malta/L=Malta/O=IVPN.net/CN=IVPN.net CA/emailAddress=support@ivpn.net
                serial:D7:8D:F5:FF:45:E7:79:66

            X509v3 Extended Key Usage:
                TLS Web Client Authentication
            X509v3 Key Usage:
                Digital Signature
    Signature Algorithm: sha1WithRSAEncryption
        cd:d9:a4:fc:19:4e:7d:15:5c:dd:00:4f:79:d8:74:83:b5:3d:
        d3:0b:1a:05:fe:37:48:dd:8c:13:41:23:9c:aa:96:f5:02:4e:
        36:1c:ef:fd:60:bc:89:c8:fb:97:58:2e:a3:99:77:b8:d1:99:
        3c:91:99:b1:a6:43:e7:0e:9a:bf:ba:7b:00:40:f3:91:b5:2f:
        6f:31:c5:a9:ca:d2:20:c1:13:e4:2d:af:fa:eb:46:d9:2d:03:
        85:38:38:9f:df:e5:0d:3a:d9:ee:55:07:4e:73:ef:85:39:d5:
        81:6e:cb:f8:29:09:b0:e1:68:48:f4:e4:2f:d8:82:e2:3b:db:
        87:8b:5c:96:a2:c1:b8:f8:fa:8d:d6:27:4a:b0:ba:89:80:f6:
        49:ba:d6:2c:89:b4:76:db:1d:2a:6f:34:d4:e2:c0:38:a5:c7:
        ff:8c:7a:f8:46:0e:2a:ea:c3:0e:a4:ec:7f:79:f7:e8:27:a3:
        88:31:5d:95:1c:05:5b:15:96:28:c5:c0:bb:63:aa:26:cf:c6:
        96:15:fe:32:4c:18:43:c8:c1:8b:b3:af:6f:b5:e0:cd:2a:0f:
        9c:7b:f6:bd:42:c3:cf:b3:62:cf:20:74:cc:3f:1d:9f:6b:ab:
        12:68:a0:c3:e9:db:3a:6a:ec:c8:6c:f3:ae:7c:a9:82:dc:1f:
        42:a2:d7:06
-----BEGIN CERTIFICATE-----
MIIEkjCCA3qgAwIBAgIBAzANBgkqhkiG9w0BAQUFADB3MQswCQYDVQQGEwJNVDEO
MAwGA1UECBMFTWFsdGExDjAMBgNVBAcTBU1hbHRhMREwDwYDVQQKEwhJVlBOLm5l
dDEUMBIGA1UEAxMLSVZQTi5uZXQgQ0ExHzAdBgkqhkiG9w0BCQEWEHN1cHBvcnRA
aXZwbi5uZXQwHhcNMTAwNzI0MTc1NjM0WhcNMjAwNzIxMTc1NjM0WjBzMQswCQYD
VQQGEwJNVDEOMAwGA1UECBMFTWFsdGExDjAMBgNVBAcTBU1hbHRhMREwDwYDVQQK
EwhJVlBOLm5ldDEQMA4GA1UEAxMHY2xpZW50MTEfMB0GCSqGSIb3DQEJARYQc3Vw
cG9ydEBpdnBuLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALs5
r39Fo/zSypBOcN1e5aT1/PFSnTI7b6OQL6kVlUtwE4MdaTqYRfQxRAv5CJTdP+Uh
sgTr4jw2fNkWaytjvEqz3prI8eP0w+4Kj8D8wdRFuHb1n+wFwNvVUkHwlnttyU5e
UwKs/tK9oheTCUKaijm/4qgdR0EU+D0CP4Td/2gunI9M8BRFTPk0skQcbRFtVccI
quLlDEu7hmCZ+0QC9UxT7ivbbiYX7QoU+uQK3LHpyfcfMDIBjSji/qA3MEXnlG/B
1yTdUIEx8J03SSj/wxENYb0cRN68TBnTtgsjbUo4NA+ePwL5s4O75vkhfYAWmSIe
t0O5sAURz4KipJ/LZMcCAwEAAaOCASswggEnMAkGA1UdEwQCMAAwLQYJYIZIAYb4
QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU
pvdPEaR5MAmNihAte3oOdHwXElcwgakGA1UdIwSBoTCBnoAUvCA6yNJ+VUdFGuKo
/EnEQZUz876he6R5MHcxCzAJBgNVBAYTAk1UMQ4wDAYDVQQIEwVNYWx0YTEOMAwG
A1UEBxMFTWFsdGExETAPBgNVBAoTCElWUE4ubmV0MRQwEgYDVQQDEwtJVlBOLm5l
dCBDQTEfMB0GCSqGSIb3DQEJARYQc3VwcG9ydEBpdnBuLm5ldIIJANeN9f9F53lm
MBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQUF
AAOCAQEAzdmk/BlOfRVc3QBPedh0g7U90wsaBf43SN2ME0EjnKqW9QJONhzv/WC8
icj7l1guo5l3uNGZPJGZsaZD5w6av7p7AEDzkbUvbzHFqcrSIMET5C2v+utG2S0D
hTg4n9/lDTrZ7lUHTnPvhTnVgW7L+CkJsOFoSPTkL9iC4jvbh4tclqLBuPj6jdYn
SrC6iYD2SbrWLIm0dtsdKm801OLAOKXH/4x6+EYOKurDDqTsf3n36CejiDFdlRwF
WxWWKMXAu2OqJs/GlhX+MkwYQ8jBi7Ovb7XgzSoPnHv2vULDz7NizyB0zD8dn2ur
Emigw+nbOmrsyGzzrnypgtwfQqLXBg==
-----END CERTIFICATE-----

Is there any way I can make this work?

-mutty

 

[Grapevine]

Only include the following:

-----BEGIN CERTIFICATE-----
MIIEkjCCA3qgAwIBAgIBAzANBgkqhkiG9w0BAQUFADB3MQswCQYDVQQGEwJNVDEO
MAwGA1UECBMFTWFsdGExDjAMBgNVBAcTBU1hbHRhMREwDwYDVQQKEwhJVlBOLm5l
dDEUMBIGA1UEAxMLSVZQTi5uZXQgQ0ExHzAdBgkqhkiG9w0BCQEWEHN1cHBvcnRA
aXZwbi5uZXQwHhcNMTAwNzI0MTc1NjM0WhcNMjAwNzIxMTc1NjM0WjBzMQswCQYD
VQQGEwJNVDEOMAwGA1UECBMFTWFsdGExDjAMBgNVBAcTBU1hbHRhMREwDwYDVQQK
EwhJVlBOLm5ldDEQMA4GA1UEAxMHY2xpZW50MTEfMB0GCSqGSIb3DQEJARYQc3Vw
cG9ydEBpdnBuLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALs5
r39Fo/zSypBOcN1e5aT1/PFSnTI7b6OQL6kVlUtwE4MdaTqYRfQxRAv5CJTdP+Uh
sgTr4jw2fNkWaytjvEqz3prI8eP0w+4Kj8D8wdRFuHb1n+wFwNvVUkHwlnttyU5e
UwKs/tK9oheTCUKaijm/4qgdR0EU+D0CP4Td/2gunI9M8BRFTPk0skQcbRFtVccI
quLlDEu7hmCZ+0QC9UxT7ivbbiYX7QoU+uQK3LHpyfcfMDIBjSji/qA3MEXnlG/B
1yTdUIEx8J03SSj/wxENYb0cRN68TBnTtgsjbUo4NA+ePwL5s4O75vkhfYAWmSIe
t0O5sAURz4KipJ/LZMcCAwEAAaOCASswggEnMAkGA1UdEwQCMAAwLQYJYIZIAYb4
QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU
pvdPEaR5MAmNihAte3oOdHwXElcwgakGA1UdIwSBoTCBnoAUvCA6yNJ+VUdFGuKo
/EnEQZUz876he6R5MHcxCzAJBgNVBAYTAk1UMQ4wDAYDVQQIEwVNYWx0YTEOMAwG
A1UEBxMFTWFsdGExETAPBgNVBAoTCElWUE4ubmV0MRQwEgYDVQQDEwtJVlBOLm5l
dCBDQTEfMB0GCSqGSIb3DQEJARYQc3VwcG9ydEBpdnBuLm5ldIIJANeN9f9F53lm
MBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQUF
AAOCAQEAzdmk/BlOfRVc3QBPedh0g7U90wsaBf43SN2ME0EjnKqW9QJONhzv/WC8
icj7l1guo5l3uNGZPJGZsaZD5w6av7p7AEDzkbUvbzHFqcrSIMET5C2v+utG2S0D
hTg4n9/lDTrZ7lUHTnPvhTnVgW7L+CkJsOFoSPTkL9iC4jvbh4tclqLBuPj6jdYn
SrC6iYD2SbrWLIm0dtsdKm801OLAOKXH/4x6+EYOKurDDqTsf3n36CejiDFdlRwF
WxWWKMXAu2OqJs/GlhX+MkwYQ8jBi7Ovb7XgzSoPnHv2vULDz7NizyB0zD8dn2ur
Emigw+nbOmrsyGzzrnypgtwfQqLXBg==
-----END CERTIFICATE-----

Had me stumped for way too long!

Now if I can only get my RT-AC66U to route ALL traffic over the VPN I would be happy.
Good luck

 

[RMerlin]

I even put a notice on the webui that states to ONLY paste the --- BEGIN / END --- blocks...

 

[RMerlin]

Now if I can only get my RT-AC66U to route ALL traffic over the VPN I would be happy.

Redirect Internet Traffic = All Traffic

 

[Grapevine]

Yes, of course. But it doesnt do it.

It works with Tor but not the VPN channel...I have flashed and re-flashed, unflashed to factory and tried again, no luck

 

[Grapevine]

Redirect Internet Traffic = All Traffic

And thank you Merlin for your work. Will definitely send you some coin.