I am not able to utilize OpenVPN as it is in reForis. I have successfully gone through migration from TOS 3 to TOS 5 months and months ago. However, when I came back, the interfaces did not make sense and it all did not work. Is there any way to get it back to default?
Can someone share their own configuration in LuCI so that I can try to recreate it?
The current state is really bad. Due to the migration it did not get recreated correctly and now I can't use it at all. It is a critical priority for me and it is getting urgent in a couple of days.
All the OpenVPN config is in folder /etc/config in file openvpn.
As reForis somehow creates old configuration directives, I played with it a little bit, and this is my /etc/config/openvpn, which you can basically use if you are on Omnia.
The difference is in lzo compression and encryption AES-256-GCM. Not sure if you have dhparam in the same folder; you can adjust it to the folder where you have it stored. You may also have more keys (01.key, 02.key, etc.) generated, which you should also copy from the original config.
config openvpn 'server_turris'
    option dev 'tun_turris'
    option ca '/etc/ssl/ca/openvpn/ca.crt'
    option crl_verify '/etc/ssl/ca/openvpn/ca.crl'
    option cert '/etc/ssl/ca/openvpn/01.crt'
    option key '/etc/ssl/ca/openvpn/01.key'
    option server '192.168.240.0 255.255.255.0'
    option ifconfig_pool_persist '/tmp/ipp.txt'
    option duplicate_cn '0'
    option keepalive '10 120'
    option persist_key '1'
    option persist_tun '1'
    option status '/tmp/openvpn-status.log'
    option verb '3'
    option mute '20'
    option topology 'subnet'
    option dh '/etc/ssl/ca/openvpn/dhparam.pem'
    option comp_lzo 'yes'
    option enabled '1'
    option port '1494'
    option proto 'udp'
    option allow-compression 'yes'
    option cipher 'AES-256-GCM'
    option data-ciphers 'AES-256-GCM:AES-128-GCM'
    option data-cipher-fallback 'AES-256-GCM'
    list push 'route 192.168.8.0 255.255.255.0'
    list push 'redirect-gateway def1'
    list push 'dhcp-option DNS 192.168.240.1'
In the client config you have to add these directives to the end:
comp-lzo
cipher AES-256-GCM
I also have to note that there is also config in /etc/config/network:
config interface 'vpn_turris'
    option enabled '1'
    option device 'tun_turris'
    option proto 'none'
    option auto '1'
and also in /etc/config/firewall, where you configure the port OpenVPN listens on; those are also set by reForis and can be kept as they are:
config zone 'turris_vpn_client'
    option name 'tr_vpn_cl'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option masq '1'

config forwarding 'turris_vpn_client_forward'
    option src 'lan'
    option dest 'tr_vpn_cl'

config zone 'vpn_turris'
    option enabled '1'
    option name 'vpn_turris'
    option input 'ACCEPT'
    option forward 'REJECT'
    option output 'ACCEPT'
    option masq '1'
    list network 'vpn_turris'

config rule 'vpn_turris_rule'
    option name 'vpn_turris_rule'
    option target 'ACCEPT'
    option proto 'udp'
    option src 'wan'
    option dest_port '1494'
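
The three files in the reply above have to agree on the tunnel device, the port and the protocol, and a config pasted from a web page can carry typographic quotes. The following cross-check is an added example, not part of the original posts and not Turris or OpenWrt code; `parse_uci`, `check` and the sample text are constructed here, and on the router you would pass in the contents of /etc/config/openvpn, /etc/config/network and /etc/config/firewall.

```python
import re
# Constructed sample input: only the options from the post that must agree.
OPENVPN = """config openvpn 'server_turris'
    option enabled '1'
    option dev 'tun_turris'
    option port '1494'
    option proto 'udp'"""
NETWORK = """config interface 'vpn_turris'
    option device 'tun_turris'"""
FIREWALL = """config zone 'vpn_turris'
    list network 'vpn_turris'
config rule 'vpn_turris_rule'
    option target 'ACCEPT'
    option proto 'udp'
    option src 'wan'
    option dest_port '1494'"""

def parse_uci(text):
    # Minimal UCI reader: list of sections, every option/list value kept as a list of words.
    sections, cur = [], None
    for n, line in enumerate(text.splitlines(), 1):
        if re.search("[\u2018\u2019\u201c\u201d]", line):
            raise ValueError(f"line {n}: typographic quote, UCI only accepts ' or \"")
        tok = [t.strip("'\"") for t in re.findall(r"'[^']*'|\"[^\"]*\"|\S+", line)]
        if len(tok) >= 2 and tok[0] == "config":
            cur = {"_type": tok[1], "_name": tok[2] if len(tok) > 2 else "(anonymous)"}
            sections.append(cur)
        elif len(tok) >= 3 and cur is not None and tok[0] in ("option", "list"):
            cur.setdefault(tok[1], []).extend(tok[2].split())
    return sections

def check(openvpn, network, firewall):
    # Returns the mismatches between the three files; an empty list means they agree.
    net, fw, problems = parse_uci(network), parse_uci(firewall), []
    for srv in parse_uci(openvpn):
        if srv["_type"] != "openvpn" or srv.get("enabled") != ["1"]:
            continue
        name, dev = srv["_name"], srv.get("dev", ["?"])[0]
        port = srv.get("port", ["1194"])[0]        # OpenVPN default port
        proto = srv.get("proto", ["udp"])[0][:3]   # udp4/udp6/tcp-server -> udp/tcp
        ifaces = {s["_name"] for s in net if s.get("device", s.get("ifname")) == [dev]}
        if not ifaces:  # "ifname" above is the older OpenWrt name for "device"
            problems.append(f"{name}: no interface in network uses device {dev}")
        elif not any(s["_type"] == "zone" and ifaces & set(s.get("network", [])) for s in fw):
            problems.append(f"{name}: interface for {dev} is in no firewall zone")
        if not any(s["_type"] == "rule" and s.get("target") == ["ACCEPT"] and "wan" in s.get("src", [])
                   and proto in s.get("proto", []) and port in s.get("dest_port", []) for s in fw):
            problems.append(f"{name}: no wan ACCEPT rule for {proto}/{port}")
    return problems
```

The port comparison is an exact match, so a firewall rule that opens a port range is reported as missing and needs a manual look.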