OpenVPN Client - Extra-Certs (certificate) - Update Required - Workaround

[fletchni]

Hi,

Regarding the OpenVPN Client:

Private Tunnel (and probably some other VPN suppliers) have now created new config files which include an "extra-certs" certificate. Unfortunately, ASUSWRT-Merlin does not support the import of this correctly (although, to be fair, even Viscosity, only has this support in a beta version, so it's quite new).

REQUEST: Could Merlin please update in an upcoming release, so these config files with the <extra-certs> tag are handled correctly? It would be much appreciated.

WORKAROUND: The router firmware will import the configuration file, but the new extra certificate is added to the custom options as the bottom (presumably, because it doesn't know what to do with the unknown information / tag.

1. Copy the certificate from the custom options at the bottom of the OpenVPN client configuration screen (starting with the first "dash" of the header "Begin Certificate" and ending with the last dash of the footer "End Certificate").
2. Click on the "Content modification of Keys & Certificates" link beside the "Authorization Mode" field to open the "Keys & Certificates" dialog box.
3. In the "Client Certificate" field, make sure there is a new line at the end of the existing certificate, and then paste the "extra certificate" you copied in step 1 at the bottom. In the middle of the dialog box you should see:
   1. -----END CERTIFICATE-----
      -----BEGIN CERTIFICATE-----
   2. In other words, the certificates are one after another.
4. Click "Save" to save and close the dialog box.
5. Delete the certificate and the tag "<extra-certs>" and the INLINE tag if it exists in the custom options section at the bottom.
6. Click Apply.
7. Start the VPN!

This workaround worked perfectly for me, but took quite a while to figure out (and with a bit of help from Private Tunnel).

 

[RMerlin]

Implement with this commit.