Setting Up DD-WRT OpenVPN Server and Certificate Creation

Channel:
United States i12bretro
Subscribers:
14,500
Published on ● Video Link: https://www.youtube.com/watch?v=szRUKjKvtEI


Duration: 8:44
5,981 views
28

#DDWRT #OpenVPN #VPNServer

Full steps can be found at https://i12bretro.github.io/tutorials/0017.html

This is part five of a series of creating your own self-signed PKI and some ways to utilize the PKI to setup SSL for your web server or create your own OpenVPN server.
 
Disclaimer: I am not a security expert. This is just demonstrating an easy way to get OpenVPN up and running to allow access to a remote network from anywhere in the world.
 
For increased security, use a non-standard TCP or UDP port for your OpenVPN server, making sure to update the client "remote" line with the matching port number.
 
In this tutorial I am running DD-WRT in a VirtualBox VM. Learn how at  https://youtu.be/BRLukj4dZxk
 
Prerequisites
   - A XCA PKI database  https://youtu.be/ezzj3x207lQ
 
Create Required Certificates
   01. Launch XCA
   02. Open the PKI database if it is not already (File ≫ Open DataBase), enter password
   03. Click on the Certificates tab, right click on your Intermediate CA certificate
   04. Select New
   05. On the Source tab, make sure Use this Certificate for signing is selected
   06. Verify your Intermediate CA certificate is selected from the drop down
   07. Click the Subject tab
   08. Complete the Distinguished Name section
         internalName: OpenVPN Server
         countryName: US
         stateOrProvinceName: Virginia
         localityName: Northern
         organizationName: i12bretro
         organizationUnitName: i12bretro Certificate Authority
         commonName: vpn.i12bretro.local
   09. Click the Generate a New Key button
   10. Enter a name and set the key size to at least 2048
   11. Click Create
   12. Click on the Extensions tab
   13. Set the Type dropdown to End Endity
   14. Check the box next to Subject Key Identifier
   15. Update the validity dates to fit your needs
   16. Click the Key Usage tab
   17. Under Key Usage select Digital Signature and Key Encipherment
   18. Under Extended Key Usage select TLS Web Server Authentication
   19. Click the Netscape tab
   20. Deselect all options and clear the Netscape Comment field
   21. Click OK to create the certificate
   22. Click on the Certificates tab, right click on your Intermediate CA certificate again
   23. Select New
   24. On the Source tab, make sure Use this Certificate for signing is selected
   25. Verify your Intermediate CA certificate is selected from the drop down
   26. Click the Subject tab
   27. Complete the Distinguished Name section
         internalName: OpenVPN Client #1
         countryName: US
         stateOrProvinceName: Virginia
         localityName: Northern
         organizationName: i12bretro
         organizationUnitName: i12bretro Certificate Authority
         commonName: VPN Client 1
   28. Click the Generate a New Key button
   29. Enter a name and set the key size to at least 2048
   30. Click Create
   31. Click on the Extensions tab
   32. Set the Type dropdown to End Endity
   33. Check the box next to Subject Key Identifier
   34. Update the validity dates to fit your needs
   35. Click the Key Usage tab
   36. Under Key Usage select Digital Signature, Key Agreement
   37. Under Extended Key Usage select TLS Web Client Authentication
   38. Click the Netscape tab
   39. Deselect all options and clear the Netscape Comment field
   40. Click OK to create the certificate
   41. On the Certificates tab, click the OpenVPN Server certificate
   42. Select Extra ≫ Generate DH Parameter
   43. Type 2048 for DH parameter bits
   44. Click OK
   45. Select a location for dh2048.pem and click Save
 
Exporting Required Files for OpenVPN
   01. In XCA, click on the Certificates tab
   02. Right click the Intermediate CA certificate ≫ Export ≫ File
   03. Set the file name with a .pem extension and verify the export format is PEM chain (*.pem)
   04. Click OK
   05. Right click the OpenVPN Server certificate ≫ Export ≫ File
   06. Set the file name with a .crt extension and verify the export format is PEM (*.crt)
   07. Click OK
   08. Right click the OpenVPN Client #1 certificate ≫ Export ≫ File
   09. Set the file name with a .crt extension and verify the export format is PEM (*.crt)
   10. Click OK
   11. Click on the Private Keys tab
   12. Right click the OpenVPN Server key ≫ Export ≫ File
   13. Set the file name with a .pk8 extension and verify the export format is PKCS #8 (*.pk8)
   14. Click OK
   15. Right click the OpenVPN Client #1 key≫ Export ≫ File
   16. Set the file name with a .pk8 extension and verify the export format is PKCS #8 (*.pk8)
   17. Click OK
 
Setting Up OpenVPN Server in DD-WRT
   01. Open a web browser and navigate to your DD-WRT IP address
   02. Login when prompted
   03. Select the Administration tab


....Full steps can be found on GitHub [link at the top]


### Connect with me and others ###
★ Discord: https://discord.com/invite/EzenvmSHW8
★ Reddit: https://reddit.com/r/i12bretro
★ Twitter: https://twitter.com/i12bretro



Other Videos By i12bretro


2020-05-20Recovering Data From Damaged, Failing or Formatted Hard Drive
2020-05-19Install Android 7.1 Nougat on Ouya
2020-05-18Building Custom PHP Error Handling
2020-05-11Install CyanogenMod on Ouya
2020-05-08Fix the Ouya Discover Store 2020 - This is AMAZING!!!
2020-05-04Installing EmuElec on S905x Android TV Box (Sunvell T95x)
2020-05-04Installing Armbian on Allwinner H6 Android TV Box (Tanix TX6)
2020-04-27Creating and Applying SSL Certificate to Windows IIS
2020-04-27Creating and Applying SSL Certificate to Apache HTTPD
2020-04-20Flashing the OUYA with i12bretro Image
2020-04-20Setting Up DD-WRT OpenVPN Server and Certificate Creation
2020-04-13Adding Self-Signed PKI to Windows Trusted Certificate Store
2020-04-13Adding Self-Signed PKI to Windows Trusted Certificate Store via Group Policy
2020-04-09Sega CD Boot Animation
2020-04-09Nintendo DS Boot Animation
2020-04-09Nintendo Wii Boot Animation
2020-04-08Nintendo Game Boy Advance Boot Animation
2020-04-08Nintendo Game Boy Color Boot Animation
2020-04-08Nintendo Game Boy Boot Animation
2020-04-08Nintendo Gamecube Boot Animation
2020-04-08Sega Master System Boot Animation


Tags:
Certificate Authority
Certificates
DD-WRT
DD-WRT OpenVPN Server
DD-WRT Setup
Home Lab
Home Networking
How To
IT Security
Install Guide
Network
Networking
OpenVPN
PKI
Personal VPN
Public Key Infrastructure
Router
Self-Hosted
Self-Hosted VPN
Self-Hosted VPN Server
Self-Signed
Self-Signed Certificate
Self-Signed PKI
Self-Signed SSL
Tutorial
VPN To Your Home Network
X Certificate Key Manager
XCA
i12bretro