Technical data
4. Packages
OpenVPN needs a keyfile for encrypting an OpenVPN connection. This keyfile can be
generated under Windows or Linux by OpenVPN itself. Beginners may install OpenVPN’s
Windows software or use OpenVPN’s WebGUI. If you do not want to use OpenVPN under
Windows but only want to generate the needed keyfiles, it is enough to install
OpenVPN User-Space Components, OpenSSL DLLs, OpenSSL Utilities, Add OpenVPN to PATH
and Add Shortcuts to OpenVPN. Choosing Generate a static OpenVPN key from the
OpenVPN start menu generates the keyfiles needed. At the end the message “Randomly
generated 2048 bit key written to C:/Program files/OpenVPN/config/key.txt” will
appear. The file key.txt is the one we need. Copy this file into the directory
config /etc/openvpn and change its name from key.txt to something more meaningful.

Keyfiles can also be generated automatically by the fli4l router if you set
OPENVPN_CREATE_SECRET to ’yes’ and reboot fli4l. When configuring OpenVPN for the
first time, enter all data in the config file and either set
OPENVPN_DEFAULT_CREATE_SECRET (Page 169) to ’yes’ if one keyfile should be used for
all connections or, if a keyfile for only one connection should be generated, set
OPENVPN_x_CREATE_SECRET to ’yes’. After the fli4l router has booted, one or more
keyfiles will be created automatically and saved to /etc/openvpn with the name
specified. The keyfile(s) can be copied via scp or other media. After the keyfiles
have been created, change the setting back to ’no’ and build a new boot media for
fli4l with the configuration and the keyfiles you just created. If you forget to
change ’yes’ to ’no’, fli4l will generate new keyfiles with each reboot, but no
OpenVPN daemon will be started and thus no tunnels can be established.

If you set OPENVPN_x_CREATE_SECRET to ’webgui’ you can use the web interface to
generate keyfiles. Use OpenVPN’s WebGUI in detail view for connections and choose
’Keymanagement’. For reference see 4.14.6.
Hint: By executing
openvpn --genkey --secret <filename>
you can generate a keyfile by hand via fli4l’s console.
Keyfiles have to be copied to the directory config /etc/openvpn as seen in the following
picture. The file name of the keyfile, without path, has to be set in OPENVPN_x_SECRET.
In this way the keyfiles will be copied to the opt-archive while creating the boot media.
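A check to run before building the boot media, given as an added example that is not part of the fli4l documentation or scripts: it flags a CREATE_SECRET setting left at 'yes' and verifies that every keyfile named in OPENVPN_x_SECRET exists, holds a full 2048 bit static key and is accessible to its owner only. The function names, the VAR='value' line syntax and the key layout (512 hex digits between the "OpenVPN Static key V1" marker lines) are assumptions.

```shell
#!/bin/sh
# Added example: pre-build check for fli4l OpenVPN static keys.
# Assumed (not from the page): config lines look like VAR='value', and a
# static key is 2048 bits = 512 hex digits between BEGIN/END marker lines.

# keyfile_ok FILE -> 0 if FILE is a well-formed, owner-only static key.
keyfile_ok() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f"; return 1; }
    grep -q '^-----BEGIN OpenVPN Static key V1-----' "$f" &&
    grep -q '^-----END OpenVPN Static key V1-----' "$f" ||
        { echo "not a static key: $f"; return 1; }
    # Count hex digits on the pure-hex lines between the markers.
    n=$(grep -E '^[0-9a-fA-F]+$' "$f" | tr -d '\n' | wc -c | tr -d ' ')
    [ "$n" -eq 512 ] || { echo "expected 512 hex digits, got $n: $f"; return 1; }
    # Shared secret: group/other must have no access (ls mode chars 5-10).
    [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] ||
        { echo "accessible by group/other: $f"; return 1; }
}

# config_ok CONF KEYDIR -> 0 if no CREATE_SECRET is left at 'yes' and every
# file named by OPENVPN_x_SECRET passes keyfile_ok.
config_ok() {
    conf=$1 keydir=$2 rc=0
    if grep -E "^OPENVPN_(DEFAULT|[0-9]+)_CREATE_SECRET='yes'" "$conf"; then
        echo "CREATE_SECRET still 'yes': new keys on every boot, no daemon started"
        rc=1
    fi
    for name in $(sed -n "s/^OPENVPN_[0-9][0-9]*_SECRET='\([^']*\)'.*/\1/p" "$conf"); do
        keyfile_ok "$keydir/$name" || rc=1
    done
    return $rc
}
```

Call `config_ok` with the path of the OpenVPN config file and the directory holding the keyfiles; a non-zero return means the boot media should not be built yet.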
OPENVPN_x_TYPE Default: OPENVPN_x_TYPE=’’
An OpenVPN connection can be used either as a tunnel or as a bridge. Only IP traffic
can be routed through an OpenVPN tunnel. A bridge transfers ethernet frames, i.e.
not only IP traffic but also IPX, NetBEUI or other protocols. To use OpenVPN for
transferring ethernet frames, the package advanced_networking is needed in addition.
Please note that a bridge over a DSL line can be really slow!
4.14.3. OpenVPN - Bridge configuration
To use OpenVPN as a bridge, the following entries are valid. Please note that when a
bridge is used over the Internet, broadcast traffic alone already uses a rather high
bandwidth without any real data being transferred.
Remember that the following settings are only valid if OPENVPN_x_TYPE (Page 165) is
set to ’bridge’ for this connection! In addition, a configured bridge from the package
advanced_networking is needed, to which the VPN connection can bind.