Home/Support/Support Forum/openvpn TRANSPORT WR31
Welcome to Digi Forum, where you can ask questions and receive answers from other members of the community.

openvpn TRANSPORT WR31

0 votes
Hello,

I am trying to use my WR31 as a client for my OpenVPN server.
I am struggling to configure it. I have a .ovpn file containing the different keys and certificate. It is not clear at all where the different keys / certificate are supporsed to go in the WR31 configuration.
I tried several things, creating/converting .crt/.pem files from the .ovpn file, but no success. The only feedback I have from the WR31 is that the link is down....

Did anyone ever successfully configured an openvpn client on a WRxx?
Do you have any procedure to configure the different key/certificate and how to set up openvpn in general?

Any help appreciated, thanks,
raphael
asked Jun 15, 2017 in Digi TransPort Cellular by raphaelh New to the Community (2 points)

Please log in or register to answer this question.

2 Answers

0 votes
Hi

I have never configured a WR from a ovpn file but there should be 3 certs you need

CA
Public CRT
Private KEY

there could also be a tls key
normaly i set all CA to certs to start CA in PEM format and need to follow the DOS 8.3 format

regards

James
answered Jun 30, 2017 by James.Wilson Veteran of the Digi Community (1,225 points)
0 votes
Hi James,

Thanks for your answer.
Finally I managed to load the correct files.

They were issues with end of line characters...

I configure my WR31 as a client.

Also I saw that I needed to load the certificate on the X.509 tab in order to make it work. (The certificate is still loaded as "ChangeMe"...)

I still seems strange to me that I cannot load the certificate in the X.509 tab using the command line interface, I didn't find any commands, so i seems that only using the graphical interface works.

Thanks,
raphael
answered Jul 5, 2017 by raphaelh New to the Community (2 points)
Hi

you could load the certs with sftp/ftp to the router

these are the commands to assign the certs

sslcli 0 certfile "client1.crt"
sslcli 0 keyfile "client1.key"


the CA file if starting with CA end  with ext .PEM will be read by the router

regards

James
Hi James,

Thanks for the update, the part to load the ssl certificates is ok for me.


But the certificate also has to be loaded in the X.509 tab of the interface.

->  Administration - X.509 Certificate Management > Certificate Authorities (CAs)

As far as I tested it work only if the certificate is also loaded here. And the only way to load it is to use the upload button on that page.

regards,                                                                                                                                                           
raphael
...