I have a new Flint 2 with firmware 4.6.8 and I reset it to default after updating it. I have generated certs and keys for the OpenVPN server using the current version of EasyRSA. The problem is I can't get the router to accept the ca cert, server cert or server key. They are generated with the nopass option. They are 2048bit but I also tried 1024bit. What am I missing? I have done this many times before for Asus and Tomato but not recently for OpenWRT.
The page always gives this error:
"Unknown error occurred. Please check the network environment or reboot the device."
It does accept the generated dh.pem and ta auth key (from easytls).
I got the certs and keys working with the VPN server by SSHing in and editing the files in /etc/openvpn/cert myself. So there seems to be something not working correctly with the GUI.
Using exported certificates from EasyRSA to /etc/openvpn/cert may cause GL GUI OpenVPN Server to fail to run and appear the related errors.
GL GUI OpenVPN has supported to generate all these crypto configs at startup, without depending on third party plugins, including generation complete of server&client profile, like keys, certs, ca.
If you want to depend on the EasyRSA third-party plugins for OpenVPN, please use the vanilla OpenWRT firmware.
Thanks for replying. I could switch to the OpenWRT firmware.
But, why does the GL GUI OpenVPN page allow the user to edit the certs if it can not accept user generated data? You seem to be describing something like what I've seen with Netgear or TPLink, with completely internal cert generation inaccessible to the user.