OpenVPN - Configure Client Manually

Report wireless and/or network connectivity problems in this forum.

Moderator: Moderators

ispyisail
Moderator
Posts: 5180
Joined: Mon Apr 06, 2009 3:15 am
Location: New Zealand

OpenVPN - Configure Client Manually

Post by ispyisail »

Hi all

When trying to configure the client manually it won't let me create a config file.

Image

I get this error

Image

ispyisail
Moderator
Posts: 5180
Joined: Mon Apr 06, 2009 3:15 am
Location: New Zealand

Re: OpenVPN - Configure Client Manually

Post by ispyisail »

After some thought the best way would be to import a Gargoyle OpenVPN config file then manually edit from there.

I guess that's why it says "configure" and not "create"

The word "configure" probably should be changed to "edit"?

pouilld
Posts: 3
Joined: Mon Sep 28, 2015 12:18 pm

Re: OpenVPN - Configure Client Manually

Post by pouilld »

Hi,
I have found a way to confiture an OPENVPN client for a VPN provider (VyprVPN) and I think that the procedure I have used could be applied to other VPN providers.

The problem is due to the fact that Gargoyle OPENVPN client has been implemented "mainly" for connecting to another Gargoyle OPENVPN SERVER using a client certificate and a client key (this explain the "config file missing" error when trying to configure a VPN provider using a traditional userid/password connection scheme.

The workaround is to use a Gargoyle previously created client certificate and key (which will NOT be used by OPENVPN) to comply with Gargoyle configuration screen and override Gargoyle OPENVPN configuration commands by those of the VPN provider.

The procedure is as follow:
  1. create (if not already done) a GARGOYLE OPENVPN server configuration to obtain a Gargoyle OPVPN client configuration file containing a valid client certificate and key.
    Download the corresponding zipped folder from Gargoyle and unzip it.
  2. obtain from your VPN provider the "OVPN" folder required to access their server, and extract from this folder

    - the OPENVPN client configuration commands
    - the CA certificate of the VPN provider (from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE-----)
  3. create (SSH or WINSCP) in the /etc/openvpn/ directory a auth.txt file containing the user identification on the first line and the associated password on the second line)
  4. on the GARGOYLE OPENVPN Client configuration screen :
    - select the manual configuration option
    - enter the Gargoyle mandatory fields (server, port, protocol,cipher) and select the appropriate non-openvpn traffic option
    - copy and paste in the configuration field the OPENVPN commands from your VPN provider obtained in step 2 (they will overwrite those previously set by Gargoyle)
    - add or update the following command :
    auth-user-pass /etc/openvpn/auth.txt
  5. copy and paste the VPN provider CA certificate in the CA certificate field
  6. from the xxxx.crt file in the openvpn-credentials unziped folder obtained in step 1 extract the client certificate value (from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE-----) and paste it in the "client certificate" field
  7. from the xxxx.key file in the openvpn-credentials folder obtained in step 1 extract the client key (from -----BEGIN PRIVATE KEY----- up to -----END PRIVATE KEY-----) and paste it in the "client key" field
  8. uncheck the "Use TLS-Auth Key" option and save
    After a while, you should have the Openvpn status as "Running, Connected, IP: xxx.xxx.xxx.xxx"

Enjoy ...

snake218
Posts: 26
Joined: Wed Jan 28, 2015 6:59 pm

Re: OpenVPN - Configure Client Manually

Post by snake218 »

Can someone explain me what user and password do you use in the auth.txt file? Router user password? Vpn user password??
EDIT: Answer myself, you need to put your vpn username password

Now I'm trying to figure out how allow a specific local ip through the router vpn

ysy
Posts: 56
Joined: Sat Oct 28, 2017 12:24 pm
Location: Hong Kong !!

Re: OpenVPN - Configure Client Manually

Post by ysy »

pouilld wrote:
Thu Aug 31, 2017 11:21 am

uncheck the "Use TLS-Auth Key" option and save
After a while, you should have the Openvpn status as "Running, Connected, IP: xxx.xxx.xxx.xxx"
Thanks a lot. May I ask why must we uncheck the "Use TLS-Auth Key" option? The VPN service that I am trying to setup does provide such key.

mcp
Posts: 2
Joined: Sat Jan 23, 2021 6:04 pm

Re: OpenVPN - Configure Client Manually

Post by mcp »

The steps by pouilld worked for me on a gargoyle_1.12.0-ar71xx-generic-mynet-n750-squashfs-factory build with NordVPN. Thanks for documenting this all.

Per the instructions I added file' auth.txt' with my credentials from NordVPN account page into the router '/etc/openvpn/' directory.

I also ended up checking the 'Use TLS-Auth Key' box and added the key from NordVPN's .ovpn file for the server location.
Last edited by mcp on Sat Jan 23, 2021 7:42 pm, edited 1 time in total.

Lantis
Moderator
Posts: 6735
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia

Re: OpenVPN - Configure Client Manually

Post by Lantis »

For your reference, 1.13 has support for this natively, and I use nordvpn just fine.
http://lantisproject.com/downloads/gargoyle_ispyisail.php for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.

mcp
Posts: 2
Joined: Sat Jan 23, 2021 6:04 pm

Re: OpenVPN - Configure Client Manually

Post by mcp »

Lantis wrote:
Sat Jan 23, 2021 8:49 pm
For your reference, 1.13 has support for this natively, and I use nordvpn just fine.
I have two routers (mynet-n600 and mynet-n750), both of which i just now successfully upgraded to 1.13 per forum thread: "1.13.0.x gargoyle-ispy 2020-September-07 00"

With version 1.13, it is a simple all-in-one process:
1) select "OpenVPN Client" from OpenVPN Configuration page
2) select "Upload Client Configuration File(s)" and upload .ovpn file from VPN provider
3) check "Use Auth User/Pass" and enter creds from VPN provider
4) add VPN Custom DNS Servers on the Connection > Basic page

The only doubt I had was when first saving the OpenVPN setting, the "Please Wait While Settings Are Applied" message persisted. After about 10 mins, i opened a new window to see that the VPN server was connected. At that point I rebooted, and now i am able to enter just a new server IP in the "OpenVPN Server Address" field to switch among various NordVPN locations.

Brilliant work Lantis and devs, thank you!

Magellan
Posts: 2
Joined: Wed Jun 16, 2021 6:07 am

Re: OpenVPN - Configure Client Manually

Post by Magellan »

Lantis wrote:
Sat Jan 23, 2021 8:49 pm
For your reference, 1.13 has support for this natively, and I use nordvpn just fine.
Hello MCP,

I use NordVPN too.
I have update my TP-Link Archer C7 Vers. 2 on version 1.13 succed.

But I can't login via OpenVPN, because Error Message with configurationfile.

Please can you tell me, whats the correct username and password?

Is it the username and password to login to NordVPN Backend (username = email) or is to enter username and the password specified in the section under NordVPN, both are very cryptic?
Last edited by Magellan on Wed Jun 16, 2021 1:23 pm, edited 2 times in total.

Lantis
Moderator
Posts: 6735
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia

Re: OpenVPN - Configure Client Manually

Post by Lantis »

Magellan wrote:
Wed Jun 16, 2021 11:32 am
Lantis wrote:
Sat Jan 23, 2021 8:49 pm
For your reference, 1.13 has support for this natively, and I use nordvpn just fine.
Hello MCP,

I use NordVPN too.
I have update my TP-Link Archer C7 Vers. 2 on version 1.13 succed.

But I can't login via OpenVPN, because Error Message with configurationfile.

Please can you tell me, whats the correct username and password?

Is it the username and password to login to NordVPN Backend (username = email) or is to enter username and the password specified in the section under NordVPN, both are very cryptic?
On your account dashboard there is a set of "service credentials". You should use these.
http://lantisproject.com/downloads/gargoyle_ispyisail.php for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.

Post Reply