@dragon788
Created January 5, 2020 01:10
Getting a PiVPN profile working on GL.iNet GL-AR-750S

If you've used the PiVPN scripts to generate a profile and protected your private key with a passphrase (a very good practice), then you will need a way to decrypt this during the "non-interactive" OpenVPN connection on the router.

The option that I used that worked was to create a separate file that contains only the passphrase and reference it in the profile by adding an askpass option.

https://stackoverflow.com/a/24071181/3794873

I'm planning to also test with a dummy empty .pass file, since it seems like maybe the OpenVPN profile upload in the GL.iNet firmware doesn't realize that the PiVPN-generated ovpn profile has an encrypted private key, so it doesn't prompt for a passphrase until it sees multiple files in a zip. If you upload a zip that contains the ovpn profile and another file, it seems to assume that the other file is a key or certificate that might need a passphrase, so it requests one after the upload.

sample-priv.pass:

yourSuperSecretPassphrase

OpenVPN profile (.ovpn):

client
dev tun
proto udp
remote vpn.yourdomain.com 1195
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
tls-version-min 1.2
verify-x509-name raspberrypi_000000000000000 name
cipher AES-256-CBC
auth SHA256
auth-nocache
verb 3
askpass sample-priv.pass
<ca>
-----BEGIN CERTIFICATE-----
snip...snip
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
snip...snip
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
snip...snip
-----END ENCRYPTED PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
snip...snip
-----END OpenVPN Static key V1-----
</tls-crypt>
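
The following pre-upload check is an added example, not part of the original gist. It verifies that a profile with an encrypted key has an `askpass` line, that the referenced file holds only the passphrase, and that the file is readable by its owner alone, since the passphrase is stored in clear text. The function name `check_askpass_bundle` is hypothetical, and the check assumes the passphrase file sits next to the profile, as it does in the uploaded zip.

```shell
#!/bin/sh
# Added example (not from the gist). Assumes the passphrase file is in the
# same directory as the profile, as in the zip that gets uploaded.
# Usage: check_askpass_bundle client.ovpn   (exit status 0 = all checks pass)
check_askpass_bundle() {
    profile=$1
    rc=0
    # "ENCRYPTED" appears in PKCS#8 keys (BEGIN ENCRYPTED PRIVATE KEY) and in
    # legacy PEM keys (Proc-Type: 4,ENCRYPTED); without it askpass is not needed.
    grep -q 'ENCRYPTED' "$profile" ||
        echo "NOTE: profile has no encrypted private key; askpass is unnecessary"

    # The first argument of the askpass directive is the passphrase file.
    passfile=$(awk '$1 == "askpass" { print $2; exit }' "$profile")
    if [ -z "$passfile" ]; then
        echo "FAIL: no 'askpass <file>' line; OpenVPN would prompt for the passphrase"
        return 1
    fi
    case $passfile in
        /*) path=$passfile ;;
        *)  path=$(dirname "$profile")/$passfile ;;
    esac
    if [ ! -s "$path" ]; then
        echo "FAIL: $path is missing or empty"
        return 1
    fi
    # The file should contain only the passphrase, on a single line.
    lines=$(awk 'END { print NR }' "$path")
    if [ "$lines" -ne 1 ]; then
        echo "FAIL: $path has $lines lines, expected exactly 1"
        rc=1
    fi
    # Clear-text secret: group and other must have no access at all.
    perms=$(ls -ld "$path" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $path is accessible to group/other ($perms); run: chmod 600 $path"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $profile references $passfile and the file looks sane"
    return "$rc"
}
```
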
@2003flo

2003flo commented Sep 23, 2021

How to Upload the .pass file to the Router?

@dragon788
Author

@2003flo you can use the luci ("advanced") interface to enable ssh and edit the file via ssh or you could install a luci plug-in that lets you edit files from the luci admin pages.
