Enable SlickVPN via OpenVPN on OpenELEC
This tutorial will guide you through configuring a VPN connection on your OpenELEC system via SlickVPN using OpenVPN.
A lot of advice was received from this forum topic:
http://openelec.tv/forum/69-network/68991-howto-setup-openelec-to-use-vyprvpn
To get started download the following SlickVPN OpenVPN configuration file:
https://www.slickvpn.com/downloads/config/SlickVPN_IAD.ovpn.
We'll use the contents of this file to create the necessary files to connect to SlickVPN. You can open this file within a text editor to view it's contents.
To get OpenVPN running on OpenELEC we need to perform 5 basic steps:
1) Start by creating a file called "SlickVPN-OpenVPN.config" in your OpenELEC network share:
Add the following to the contents to the file and don't forget to replace the placeholder names: SERVERNAME, SERVER.
[global] Name = SlickVPN-OpenVPN [provider_openvpn] Type = openvpn Name = SlickVPN-OpenVPN Host = gw1.iad1.slickvpn.com Domain = vpn advanced = 1 OpenVPN.ConfigFile = /storage/.config/vpn-config/vpn.config OpenVPN.Port = 443
2) Create a file called "vpn.config" and add the following contents:
# file containing username and password auth-user-pass /storage/.config/vpn-config/pass.txt # equivalent to pull, tls-client client # redirect all outgoing traffic to the vpn gateway redirect-gateway # verify the server certificate for authenticity remote-cert-tls server cipher AES-256-CBC proto udp dev tun keepalive 10 120 nobind persist-key persist-tun # ssl certificate / key used for tls ca /storage/.config/vpn-config/CA.crt cert /storage/.config/vpn-config/Cert.crt key /storage/.config/vpn-config/Server.key log /storage/.config/vpn-config/openvpn.log
3) Create a file called "pass.txt" and add your SlickVPN username and password on separate lines:
USERNAME PASSWORD
Rather than copying the configuration contents below I recommend you copy the contents of the "SlickVPN_IAD.ovpn" file.
4) Create a file called "CA.cert", open this in a text editor and add the following contents:
-----BEGIN CERTIFICATE----- MIIDQDCCAqmgAwIBAgIJAM8Brk2pUr0KMA0GCSqGSIb3DQEBBQUAMHQxCzAJBgNV BAYTAlVTMQswCQYDVQQIEwJDQTEMMAoGA1UEBxMDVlBOMQwwCgYDVQQKEwNWUE4x DDAKBgNVBAsTA1ZQTjEMMAoGA1UEAxMDVlBOMQwwCgYDVQQpEwNWUE4xEjAQBgkq hkiG9w0BCQEWA1ZQTjAeFw0xMjAzMDMwMjExNDJaFw0yMjAzMDEwMjExNDJaMHQx CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEMMAoGA1UEBxMDVlBOMQwwCgYDVQQK EwNWUE4xDDAKBgNVBAsTA1ZQTjEMMAoGA1UEAxMDVlBOMQwwCgYDVQQpEwNWUE4x EjAQBgkqhkiG9w0BCQEWA1ZQTjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA wY2K08N7or1Br/EsD9XBon7gs7dKflWYuymgMLJfeMFWuJloNdsn+3GARIhYBbN6 zhvFGFE214qKPqAydW1WmIIK7KoC0sgndr+Vk/au9gssFzVmmvr6+WN/nfo2L9Kv vBMoYLrMAiyw/D4cRapZi2pXJLcMDfC+p1VWAX8TYWkCAwEAAaOB2TCB1jAdBgNV HQ4EFgQUmyvO4rTnu5/ABnp0FngU+SdR8WAwgaYGA1UdIwSBnjCBm4AUmyvO4rTn u5/ABnp0FngU+SdR8WCheKR2MHQxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEM MAoGA1UEBxMDVlBOMQwwCgYDVQQKEwNWUE4xDDAKBgNVBAsTA1ZQTjEMMAoGA1UE AxMDVlBOMQwwCgYDVQQpEwNWUE4xEjAQBgkqhkiG9w0BCQEWA1ZQToIJAM8Brk2p Ur0KMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAoB0kOuGvrzPBTIRX IDHCCxBMdny+3sKAOllmH4+51j2aWhAJ4Pyc/yBTYyQGNoriABjmNzp+R05oiaxA D3vTgR80juKDPtQb8LoGLBF18gL7Vtc3+hJXcJasXZaDSSoyh5f+TtGvytIT+ece JWIrKnFXzlHOvKlyLkcZn15gwKQ= -----END CERTIFICATE-----
5) Create a file called "Cert.cert", open this in a text editor and add the following contents:
Certificate: Data: Version: 3 (0x2) Serial Number: 2 (0x2) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=CA, L=VPN, O=VPN, OU=VPN, CN=VPN/name=VPN/emailAddress=VPN Validity Not Before: Mar 3 02:12:57 2012 GMT Not After : Mar 1 02:12:57 2022 GMT Subject: C=US, ST=CA, L=VPN, O=VPN, OU=VPN, CN=client/name=VPN/emailAddress=VPN Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (1024 bit) Modulus: 00:ca:a9:fe:05:eb:14:04:84:95:46:fb:90:50:c8: 9e:f9:5b:e9:94:fc:55:f9:b5:41:d8:81:0f:70:1f: bf:3a:95:8a:c5:7d:70:f0:ee:7b:f9:af:0f:29:f5: 25:83:87:ae:cc:14:ae:49:92:60:04:c1:b1:5d:de: 0f:22:5f:73:be:d3:62:22:aa:9f:46:9f:0a:d4:8a: ec:27:89:d2:cc:83:c2:6f:5c:09:1a:a3:6d:05:7b: 36:31:77:85:28:14:83:42:52:1c:53:a5:4d:03:31: a3:c0:c5:ba:71:00:cd:28:d4:86:05:48:65:0c:8f: 49:06:02:7b:cb:5c:35:c2:a9 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: Easy-RSA Generated Certificate X509v3 Subject Key Identifier: E7:44:BD:DB:F0:77:30:D0:9E:B8:57:E6:AD:5C:C9:FA:17:07:FB:60 X509v3 Authority Key Identifier: keyid:9B:2B:CE:E2:B4:E7:BB:9F:C0:06:7A:74:16:78:14:F9:27:51:F1:60 DirName:/C=US/ST=CA/L=VPN/O=VPN/OU=VPN/CN=VPN/name=VPN/emailAddress=VPN serial:CF:01:AE:4D:A9:52:BD:0A X509v3 Extended Key Usage: TLS Web Client Authentication X509v3 Key Usage: Digital Signature Signature Algorithm: sha1WithRSAEncryption 98:8f:26:a8:4d:b4:03:6c:49:98:2b:61:04:75:0c:76:3d:fd: a9:4a:57:06:14:64:ed:76:50:d5:8c:81:5c:20:27:82:df:da: d2:c7:e3:30:81:90:26:c0:c5:36:1e:2c:0a:99:4d:d2:61:c1: 1a:a5:fb:e0:6d:ec:4a:24:da:d3:b9:a1:18:d8:6a:83:5f:7a: 2c:a7:db:05:c8:4d:9f:63:67:1d:a0:aa:8c:ed:0d:1b:d4:36: 73:fd:2d:b7:8e:c3:c8:e7:e8:ed:03:93:71:1c:c0:a4:ed:d6: e9:23:9c:3c:20:4b:69:18:a1:a2:15:26:9e:fd:62:da:41:a1: 25:bc -----BEGIN CERTIFICATE----- MIIDizCCAvSgAwIBAgIBAjANBgkqhkiG9w0BAQUFADB0MQswCQYDVQQGEwJVUzEL MAkGA1UECBMCQ0ExDDAKBgNVBAcTA1ZQTjEMMAoGA1UEChMDVlBOMQwwCgYDVQQL EwNWUE4xDDAKBgNVBAMTA1ZQTjEMMAoGA1UEKRMDVlBOMRIwEAYJKoZIhvcNAQkB FgNWUE4wHhcNMTIwMzAzMDIxMjU3WhcNMjIwMzAxMDIxMjU3WjB3MQswCQYDVQQG EwJVUzELMAkGA1UECBMCQ0ExDDAKBgNVBAcTA1ZQTjEMMAoGA1UEChMDVlBOMQww CgYDVQQLEwNWUE4xDzANBgNVBAMTBmNsaWVudDEMMAoGA1UEKRMDVlBOMRIwEAYJ KoZIhvcNAQkBFgNWUE4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMqp/gXr FASElUb7kFDInvlb6ZT8Vfm1QdiBD3AfvzqVisV9cPDue/mvDyn1JYOHrswUrkmS YATBsV3eDyJfc77TYiKqn0afCtSK7CeJ0syDwm9cCRqjbQV7NjF3hSgUg0JSHFOl TQMxo8DFunEAzSjUhgVIZQyPSQYCe8tcNcKpAgMBAAGjggEoMIIBJDAJBgNVHRME AjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNh dGUwHQYDVR0OBBYEFOdEvdvwdzDQnrhX5q1cyfoXB/tgMIGmBgNVHSMEgZ4wgZuA FJsrzuK057ufwAZ6dBZ4FPknUfFgoXikdjB0MQswCQYDVQQGEwJVUzELMAkGA1UE CBMCQ0ExDDAKBgNVBAcTA1ZQTjEMMAoGA1UEChMDVlBOMQwwCgYDVQQLEwNWUE4x DDAKBgNVBAMTA1ZQTjEMMAoGA1UEKRMDVlBOMRIwEAYJKoZIhvcNAQkBFgNWUE6C CQDPAa5NqVK9CjATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDQYJ KoZIhvcNAQEFBQADgYEAmI8mqE20A2xJmCthBHUMdj39qUpXBhRk7XZQ1YyBXCAn gt/a0sfjMIGQJsDFNh4sCplN0mHBGqX74G3sSiTa07mhGNhqg196LKfbBchNn2Nn HaCqjO0NG9Q2c/0tt47DyOfo7QOTcRzApO3W6SOcPCBLaRihohUmnv1i2kGhJbw= -----END CERTIFICATE-----
6) Create a file called "Server.key", open this in a text editor and add the following contents:
-----BEGIN PRIVATE KEY----- MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAMqp/gXrFASElUb7 kFDInvlb6ZT8Vfm1QdiBD3AfvzqVisV9cPDue/mvDyn1JYOHrswUrkmSYATBsV3e DyJfc77TYiKqn0afCtSK7CeJ0syDwm9cCRqjbQV7NjF3hSgUg0JSHFOlTQMxo8DF unEAzSjUhgVIZQyPSQYCe8tcNcKpAgMBAAECgYEAsHf5M1oQ4iY4fciLT2yB0QvR huN6UacdINKwiKd8Mh0I6xJhh8mBtlZS0+wcsD0zXY0cff+xEDNAqEW10+5dr11Y zYpViacZRMQnrzBEYcTSqlfHXg2PZxu4c08ndwDxjm03Vgg5RKvQnGRMRy4lH/HP OiAkb9oJgR0R5sccZgECQQDmfVZF2UBn4u2scjfcPl4XsUrPO8eyie995c7s7Cz1 TDiecLCesjLRf97RexfhhwNJurfCZUWNJ9hkq5hUGzvJAkEA4Rg/ziL74sBh+jT6 2TaAqnmHDWZlrfCfKtlm1z4TQ5E6WpjKNXN3qfKW069QGnRjZn8zuPwgMpBPXeaT jHH/4QJBAJslbvchX7sOA1H6qCM2T/u+uU55PNivBGhIUlskNrb/EXWFAT4xUQe3 /PIg21hRmyL77kmKBaEYWw6YerbShhECQQCX2Rb6BamszyGJfAIZVGY6Gp+bz48a Zy/I5T42R/8Q3sDh6x7GLi30rN1I0oSURB3mQDtxOEy0L5wK+Yhh/2mhAkAGXya9 wUOcSz96jUgnMfiVoBT3BNszzn/HLKCipCPd/eR3FEvpfmNN+olkd09cONMDKCcW CfHad9moALon0bIV -----END PRIVATE KEY-----
Your OpenELEC network share should now look like this:

Within your firewall you will now need to ensure that port 443 is forwarded to your OpenELEC IP Address.
If you're unsure on how to do this you will need to Google how to do this for your specific router!
Reboot OpenELEC and navigate to "System - OpenELEC - Connections" and you will see your "SlickVPN-OpenVPN" VPN listed. Click the connection and then click "Connect".
