I’m running latest OpenVPN on a RPi 3B+ and having trouble generating the Diffie-Hellman parameters. Because the generation takes a long time, it eventually times out with a gateway timeout. Is there any documentation about how do to this generation properly outside of IPFire? How do I use standard OpenVPN tools on my Linux laptop to generate the proper information to be uploaded?
for the records and your information: Generating or uploading Diffie Hellman parameters to OpenVPN is going to change at some point in the future, because generating your own DH parameters is not considered to be a good idea anymore.
Please refer to bug #12632 for technical details. @ummeegge thankfully works on this one, since he is the guru for OpenVPN in IPFire.
In the future, we might drop this DH parameters generation stuff altogether, and ship an audited parameter with IPFire. In the meantime, it is fine to use, for example, ffdhe4096 and upload that into IPFire.
(In case you do not trust the Mozilla webserver to do the right thing, the same DH parameter is also available in the OpenSSL wiki or by running gnutls.)
Thanks. That appears to have worked. Now I have to set up my clients again. I had this all set up prior to a power outage. Unfortunately, I couldn’t find my backups, so I had to start from scratch.