List of NVRAM settings to customise the OpenVPN configuration. Up to 10 OpenVPN processes can be configured using the following NVRAM settings: the first OpenVPN process uses the prefix openvpn_, the second uses openvpn2_ as its configuration prefix, and so on. You can either store the whole OpenVPN config in NVRAM (using openvpn_config) or use the individual options to configure OpenVPN. In either case, certificates or keys must be stored in the respective NVRAM settings.
Before OpenVPN is started, the contents of openvpn_ca, openvpn_cert, openvpn_key and openvpn_secret are written to the files /tmp/openvpn/ca.pem, /tmp/openvpn/cert.pem, /tmp/openvpn/key.pem and /tmp/openvpn/secret.key respectively. The recommended way of setting these options is to run "nvram set openvpn_ca" (note that there is no '=' after the NVRAM key name; this tells the nvram utility to read the value from stdin), then copy and paste the contents of the file and finish by pressing Ctrl-D.
All other NVRAM settings for OpenVPN will be passed on the command line to OpenVPN.
Please note that OpenVPN's certificate validation requires that the system clock is set to the correct time.
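One way to script the certificate and key step described above instead of pasting each file by hand (an added example, not part of the firmware; the local directory and its file names are assumptions, and secret.key is treated as optional). It maps an instance number to its NVRAM prefix, checks each file for the expected header, and feeds it to "nvram set" on stdin:

```shell
#!/bin/sh
# Added example, not firmware code. Assumes ca.pem, cert.pem, key.pem and an
# optional secret.key sit in one local directory (names are assumptions).

# Instance number (1-10) -> NVRAM prefix: 1 -> openvpn_, 2 -> openvpn2_, ...
ovpn_prefix() {
    case "$1" in
        1) echo "openvpn_" ;;
        [2-9]|10) echo "openvpn${1}_" ;;
        *) echo "instance must be 1-10" >&2; return 1 ;;
    esac
}

# Check that a file carries the block its setting expects before storing it.
ovpn_check_file() {   # $1 = ca|cert|key|secret, $2 = file
    [ -r "$2" ] || { echo "$2: not readable" >&2; return 1; }
    case "$1" in
        ca|cert) pat='^-----BEGIN CERTIFICATE-----' ;;
        key)     pat='^-----BEGIN .*PRIVATE KEY-----' ;;
        secret)  pat='^-----BEGIN OpenVPN Static key V1-----' ;;
        *) echo "unknown setting: $1" >&2; return 1 ;;
    esac
    grep -q -e "$pat" "$2" || { echo "$2: no $1 block found" >&2; return 1; }
}

# Validate everything first, then store; a bad file leaves NVRAM untouched.
# Values go in on stdin ("nvram set KEY" without '='), so the private key
# is never an argument visible in the process list.
ovpn_store() {   # $1 = instance number, $2 = directory
    prefix=$(ovpn_prefix "$1") || return 1
    items="ca:ca.pem cert:cert.pem key:key.pem"
    if [ -e "$2/secret.key" ]; then items="$items secret:secret.key"; fi
    for item in $items; do
        ovpn_check_file "${item%%:*}" "$2/${item#*:}" || return 1
    done
    for item in $items; do
        nvram set "${prefix}${item%%:*}" < "$2/${item#*:}" || return 1
    done
}

# Usage on the router: sh store-ovpn.sh 2 /tmp/newkeys
if [ $# -eq 2 ]; then ovpn_store "$1" "$2"; fi
```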
The following OpenVPN configuration file is built into the firmware and used by OpenVPN. Commented-out options can be set using the NVRAM settings shown above.

    mode server
    dev tun
    #lport [openvpn_lport]
    #ifconfig [openvpn_ifconfig]
    #ifconfig-pool [openvpn_pool]
    #route [openvpn_route]
    #push "[openvpn_push]"
    link-mtu 1460
    mssfix 0
    tls-server
    dh /etc/dh1024.pem
    persist-key
    #comp-lzo
    no-replay
    ping-exit 600
    verb 1
    daemon

The following configuration can be used on a client to connect to the OpenVPN server on the WRT54G:

    dev tun
    remote [remote-ip-addr] [remote-port]
    nobind
    pull
    link-mtu 1460
    mssfix 0
    tls-client
    ca /etc/openvpn/ca.crt
    cert /etc/openvpn/cert.crt
    key /etc/openvpn/key.crt
    persist-key
    ping 60
    ping-restart 150
    no-replay
    verb 1
    daemon