Link to home
Create AccountLog in
Avatar of Frosty555
Frosty555Flag for Canada

asked on

OpenVPN - generate keys for Tomato router

OpenVPN has always been confusing to me, hoping somebody can give me the steps to make this work.

I have a router (ASUS RT-N16) which is running Toastman's Tomato router firmware. One of the features of Tomato is that it is capable of acting as an OpenVPN Client.

I have signed up for a free account with VPNPop.com - a VPN service which I'm supposed to be able to connect my router to using OpenVPN in order to tunnel Internet traffic through them.

They have provided me with a .ovpn file, as well as the Server and my Username and Password to put into my router to connect to their server.

Here's a (redacted) version of what they've given me:

TCP PROFILE OVPN:
client
dev tun
auth-user-pass
proto tcp
remote 66.x.x.x 443
remote 66.x.x.x 1194
remote 66.x.x.x 53
resolv-retry 10
nobind
persist-key
persist-tun
cipher BF-CBC
tun-mtu 1500
keepalive 10 60
comp-lzo
verb 4
mute 5

<ca>
-----BEGIN CERTIFICATE-----
MIIDVDxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxQUAMEIxCzAJBgNVBAYTAlVT
MRYwFAxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxQQDExJHZW9UcnVzdCBHbG9i
YWwgQxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxMDAwWjBCMQswCQYDVQQG
EwJVUzExxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxUEAxMSR2VvVHJ1c3Qg
R2xvYmFxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxIIBCgKCAQEA2swYYzD9
9BcjGlZ+xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx9BXiLnTjoBbdq
fnGk5sRgxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxT8rxh0PBFpVXLVDv
iS2Aelet8xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxM386DGXHKTubU
1XupGc1V3xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxRCw7+OC7RHQWa9k0+
bw8HHa8xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxeE4uwc2hGKceeoW
MPRfwCvoxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxMB0GA1UdDgQWBBTA
ephojYn7xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxVkDBF9qn1l
uMrMTjAxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx5kaFOSPeCpilKIn
Z57QzxpexxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxcdjHPTfS
tQWVYrmxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxAlk6l5PdPcF
PseKUgzbxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxlKXBx4Ot2/Un
hw4EbNXxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxXeXxx12E6nV
5fEWCRExxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxAocvmMw==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIID1TCCxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxgNVBAYTAlVT
MRYwFAYxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxW9UcnVzdCBHbG9i
YWwgQ0EwHxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxWjA8MQswCQYDVQQG
EwJVUzEXxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxNVBAMTC1JhcGlkU1NM
IENBMIIBIjxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxsce2cy1rfa0
l6P7oeYLUxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx7+T1cSi1v6kt1e
6K3z8BuxexxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxVUdp3/Jb
ewdPPeWsxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxelaHnnzh8jfyMX8
N8iamtexxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxiHTGSDHl5
HI7Pynxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx662gzxigd
gtFQiwIxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxHQ4EFgQUa2k9ahhC
St2PAmUxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxwRfap9ZbjKzE4w
EgYDVR0xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxaArhilodHRwOi8vY3Js
Lmdlxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx0BggrBgEFBQcBAQQoMCYw
JAYIKwYBBQUHMAGxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxBgkqhkiG9w0B
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxHM3P8yQkXJYDJ1j8Nq6iL4/x
/torAsMzxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx+4ZYlitm12ldKvo2O
SUNjpWxOJ4xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxdsRu61
04BqIxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxIgWW+c+5X4
knYYCnwPxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxb1c0XqtK
LEL2TxyJeN4mTvVvk0wVaydWTQBUbHq3tw==
-----END CERTIFICATE-----
</ca>

Open in new window


On the Tomato router, I've configured most of the options, however it is asking me for these keys and certificates which I don't know:

- Certificate Authority
- Client Certificate
- Client Key

See attached screenshot:

User generated image
I'm not sure if I actually need to use certificates / keys, or if I don't have a choice? And I imagine that hte <ca></ca> section in the .ovpn they gave me probably has something to do with the Certificate Authority section...

but I don't know what to do from here. They didn't give me any .key or .crt files. What do I put into these boxes?

If I need to generate the keys I have Ubuntu on a linux box which I can use but I need the exact commands to type in...
ASKER CERTIFIED SOLUTION
Avatar of Qlemo
Qlemo
Flag of Germany image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of Frosty555

ASKER

You're right! All that was necessary was the paste the contents of the <ca></ca> section, in it's entirety, into the "Certificate Authority" box and everything else could be left blank.