Creating OpenVPN clients

[shesk]

I think my problem is fairly simple but I can't for the life of me figure it out. My googlefoo is failing me as well. I'm newish to VPNs so I could have the language wrong, making it difficult to articulate me problem. Let me know if I need to clarify anything.

I want to enable OpenVPN Server on my Asus - RT-AC68U with multiple clients; phone, tablet, laptop.

As far as I can tell, the VPN Client tab is for setting up VPN services, VPN Provider, not actual clients (devices). I could be wrong.

Under the VPN Server tab, with OpenVPN selected. I've tried both VPN Details as General and Advanced. In general, I've added clients, Applied and attempted to Export the .ovpn file. However, client1.ovpn is the only file ever generated. In advanced, I've tried Username/Password Authentication but can't find anywhere to specify the username and password for each device.

How I know the Usernames generated in the VPN Server - OpenVPN page are not correct. I created one called 'testVPN' with a long password, Applied, and Exported the .ovpn file. I refreshed the page to confirm these settings took. Next I disabled the Server and Applied, again refreshing to confirm it took. Finally, I re-enabled the server and created a username of 'testFromPhone' and Applied. From here I Imported Profile from SD Card (in the OpenVPN mobile client) for the 'testVPN' file and hit Connect. In the OpenVPN Client it, it shows me as connected, even though it didn't ask for a username/password and the profile used doesn't exist on the server.

Thoughts? Where is the Server Keys? Is it not generating Client keys? and lastly, how did it successfully connect?

 

[RMerlin]

Usernames and password are not included in the exported client file. It's usually not imported by clients, you have to manually enter them when you configure your client.

There's no client key because the default configuration only supports password-based authentication. If you want key-based authentication then you have to do everything manually, using EasyRSA or otherwise.

 

[shesk]

Usernames and password are not included in the exported client file. It's usually not imported by clients, you have to manually enter them when you configure your client.

There's no client key because the default configuration only supports password-based authentication. If you want key-based authentication then you have to do everything manually, using EasyRSA or otherwise.

Thanks RMerlin. Can you confirm the client export file is the one generated by the VPN Server tab? And where do I enter them when I configure the client?

I've used EasyRSA on a PiVPN, where would I enter all those details into the ASUS GUI?

 

[RMerlin]

Thanks RMerlin. Can you confirm the client export file is the one generated by the VPN Server tab?

Yes.

And where do I enter them when I configure the client?

Depends on your client. With the Windows client, it will prompt you for it when you try to connect.

I've used EasyRSA on a PiVPN, where would I enter all those details into the ASUS GUI?

You can't. You have to do everything manually. Check on the Wiki, I believe there's a sample guide there, or a link to a generic guide originally meant for Tomato.

 

[Xentrk]

Thanks RMerlin. Can you confirm the client export file is the one generated by the VPN Server tab? And where do I enter them when I configure the client?

I've used EasyRSA on a PiVPN, where would I enter all those details into the ASUS GUI?

For Windows, you can download the OpenVPN client here https://openvpn.net/index.php/open-source/downloads.html. The ovpn file created by the Asus VPN Server GUI would go in C:\Program Files\OpenVPN\config.

If you have mobile devices, the app store will also have an OpenVPN app and ones developed by third parties. They should all allow you to import the ovpn file created by the Asus.

 

[shesk]

Using the Android OpenVPN client, I'm able to import the .ovpn file generated and successfully connect. My confusion is that the username and password created in the ASUS VPN Server tab does nothing.

RMerlin,
I'll read that Wiki again. I think that is the route I need to go since I'm not understanding the GUI.

 

[shesk]

One of the Wiki posts says to create the following directory (use ccd2 if you are providing config files for the second OpenVPN Server instance):
/jffs/configs/openvpn/ccd1/
In this directory put the client config files you wish to provide your OpenVPN server with, each file being named after the common name of the targeted client.

I'm guessing this means create that directory on the ASUS router. If that is correct, how is that done?

 

[Martineau]

My confusion is that the username and password created in the ASUS VPN Server tab does nothing.

I use the Android OpenVPN Client by Arne Schwabe and in order to make use of the OpenVPN Usernames defined in the Asus VPN server tab you need to do two things.

1. Enable the OpenVPN server instance to allow use of Usernames to differentiate between multiple concurrent users of the single COMMON NAME 'client':

2. Configure the Android client to use a Username in addition to the COMMON NAME 'client' single certificate - use the drop-down menu on the Basic tab to select 'User/PW+Certificates', and enter the appropriate Username to identify this device's connection:

 

[DoctorDERP]

A couple of things

1. Enable the username/password authorization option on the OpenVPN server config page. Disable the ONLY username/password auth option just below it.
2. The usernames and passwords are not part of the exported .ovpn file. You'll have to enter them in your client-side app, where you can choose to save these credentials.
3. You can use the same username and password to connect multiple devices at once. You can create just one username/password combo for each user instead of each device.
4. It doesn't matter where you save the config file because you need to import them into the client-side app to use them. This is at least true for the official OpenVPN apps for Windows and Android.
5. Don't try anything with IPv6. It doesn't work.

 

[shesk]

Thanks everyone for the help! I finally got my VPN Server up and running with multiple clients connected. I appreciate all the assistance.