OpenVPN configuration generation

I’m running the latest OpenVPN on an RPi 3B+ and having trouble generating the Diffie-Hellman parameters. Because the generation takes a long time, it eventually times out with a gateway timeout. Is there any documentation about how to do this generation properly outside of IPFire? How do I use standard OpenVPN tools on my Linux laptop to generate the proper information to be uploaded?

Thanks!
Craig

not sure if this is perfect but it is close:

pick your bits. I picked 2048. yours may be different

sudo openssl dhparam -outform PEM -out dhparam2048.pem 2048

and you’ll get LOTS of this:

...............................................+......................................................................................................................................................................................................+...........................+.........................................................................................................................................................................

then wait …

then import: https://wiki.ipfire.org/configuration/services/openvpn/config/upload_gen#diffie-hellman-parameter-options

EDIT: waiting time depends on the power of your computer…

2 Likes

Hi all,

for the record and your information: Generating or uploading Diffie Hellman parameters to OpenVPN is going to change at some point in the future, because generating your own DH parameters is not considered to be a good idea anymore.

Please refer to bug #12632 for technical details. @ummeegge thankfully works on this one, since he is the guru for OpenVPN in IPFire. :)

In the future, we might drop this DH parameters generation stuff altogether, and ship an audited parameter with IPFire. In the meantime, it is fine to use, for example, ffdhe4096 and upload that into IPFire.

(In case you do not trust the Mozilla webserver to do the right thing, the same DH parameter is also available in the OpenSSL wiki or by running gnutls.)

Thanks, and best regards,
Peter Müller

1 Like
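Added example, not part of the thread and not IPFire or OpenVPN code: a Python check that a downloaded DH parameter file really holds a standard ffdhe group, done by rebuilding the modulus from the RFC 7919 formula and comparing it with the value parsed from the PEM. The function names are hypothetical; the formula and offsets are the ones RFC 7919 gives for ffdhe2048, ffdhe3072 and ffdhe4096.

```python
import base64
import re
import sys

# Offsets X from the RFC 7919 group definitions (generator is always 2):
#   p = 2^b - 2^(b-64) + (floor(2^(b-130) * e) + X) * 2^64 - 1
RFC7919_X = {2048: 560316, 3072: 2625351, 4096: 5736041}

def floor_e_scaled(k, guard=64):
    """floor(e * 2**k), summing e = 1/0! + 1/1! + ... in integer arithmetic."""
    total, term, n = 0, 1 << (k + guard), 0
    while term:
        total += term
        n += 1
        term //= n
    return total >> guard

def ffdhe_prime(bits):
    x = floor_e_scaled(bits - 130) + RFC7919_X[bits]
    return (1 << bits) - (1 << (bits - 64)) + (x << 64) - 1

def der_read(buf, pos, tag):
    """Read one DER element with this tag; return (content, next position)."""
    if buf[pos] != tag:
        raise ValueError(f"expected DER tag {tag:#04x} at offset {pos}")
    n, pos = buf[pos + 1], pos + 2
    if n >= 0x80:  # long form: low 7 bits count the length bytes that follow
        n, pos = int.from_bytes(buf[pos:pos + (n & 0x7F)], "big"), pos + (n & 0x7F)
    return buf[pos:pos + n], pos + n

def parse_dh_pem(text):
    """Return (p, g) from a PKCS#3 'DH PARAMETERS' PEM block."""
    m = re.search(r"-----BEGIN DH PARAMETERS-----(.+?)-----END DH PARAMETERS-----", text, re.S)
    if not m:
        raise ValueError("no DH PARAMETERS block found")
    seq, _ = der_read(base64.b64decode(m.group(1)), 0, 0x30)
    p, pos = der_read(seq, 0, 0x02)
    g, _ = der_read(seq, pos, 0x02)
    return int.from_bytes(p, "big"), int.from_bytes(g, "big")

def identify(text):
    """Name the RFC 7919 group a PEM holds, or report it as a custom group."""
    p, g = parse_dh_pem(text)
    bits = p.bit_length()
    if g == 2 and bits in RFC7919_X and p == ffdhe_prime(bits):
        return f"ffdhe{bits}"
    return f"custom {bits}-bit group, g={g}"

if __name__ == "__main__" and len(sys.argv) > 1:
    print(identify(open(sys.argv[1]).read()))
```

Run it with the path of the PEM file as the only argument before uploading the file; a file that prints `custom ...` is not one of the three standard groups covered here.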

Thanks. That appears to have worked. Now I have to set up my clients again. I had this all set up prior to a power outage. Unfortunately, I couldn’t find my backups, so I had to start from scratch.

Thanks again,
Craig

ouch! hope it goes well!

just for completion:

When computing DHPARAM you will get these as the output while computing Diffie Hellman parameters:

. → A potential prime number was generated
+ → Number is being tested for primality
* → A prime number was found.

1 Like