    Some questions about OpenVPN components….

      XZed

      Hello,

      I'm successfully using this howto on some pfSense setups (also: http://doc.pfsense.org/index.php/VPN_Capability_OpenVPN )…

      Meanwhile, I have two problems/requests:

      1. When setting up OpenVPN manually (on a classic Linux box), I could use "./pkitool --initca --pass" to create a protected CA (so that only someone knowing the passphrase could issue certificates), create clients...

      With the easy-rsa package content ( http://openvpn.net/index.php/open-source/documentation/miscellaneous/77-rsa-key-management.html ), I don't have the "pkitool" command...

      I read that "pkitool --initca" = "build-ca": does that mean I could use "build-ca --pass" (does it even exist?) in order to create a protected CA?

      Or do you use it differently (the main goal: protect the CA / avoid unauthorized certificate issuing)? How do you protect the CA?

      2. When issuing certificates, I get, at the end, the following message:

      "unable to write random state"

      I think it's due to incorrect HOME / RANDFILE variables in the openssl.cnf file... Well I didn't it because I don't know if my thoughts are right or if there are other variables to change...

      By the way, I change the HOME variable in vars.bat in order to issue certificates...

      Certificates are issued fine and work perfectly, but this error message remains...

      I wanted to know:

      What is this *.rnd for? Does it serve to generate random ciphering for certificate issuing? In other words: can we simply ignore it?

      Thank you very much,

      XZed
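
Added example (not part of the original post, and not easy-rsa or pfSense code): a header-only check that a CA private key file is actually stored passphrase-protected, which is the property the question above is after. The file names and the header-only sample keys are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether a PEM private key is stored encrypted
# (passphrase-protected) by reading PEM headers only. Nothing is decrypted.

key_protection() {   # $1 = path to a PEM key file, e.g. a CA key (assumed path)
    [ -r "$1" ] || { echo "unreadable"; return 2; }
    # PKCS#8 encrypted form has its own PEM label
    if grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo "encrypted-pkcs8"; return 0
    fi
    # Traditional form: encryption is flagged by a Proc-Type header
    if grep -q -e '^-----BEGIN [A-Z ]*PRIVATE KEY-----' "$1"; then
        if grep -q -e '^Proc-Type: 4,ENCRYPTED' "$1"; then
            echo "encrypted-traditional"; return 0
        fi
        echo "plaintext"; return 1
    fi
    echo "not-a-private-key"; return 2
}

# Constructed, header-only samples (bodies are placeholders, not real keys).
make_samples() {     # $1 = directory to write into
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: AES-256-CBC,00000000000000000000000000000000' '' \
        'CONSTRUCTEDPLACEHOLDER' '-----END RSA PRIVATE KEY-----' \
        > "$1/ca-protected.key"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'CONSTRUCTEDPLACEHOLDER' \
        '-----END PRIVATE KEY-----' > "$1/ca-plain.key"
    printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' \
        'CONSTRUCTEDPLACEHOLDER' '-----END ENCRYPTED PRIVATE KEY-----' \
        > "$1/ca-pkcs8.key"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'CONSTRUCTEDPLACEHOLDER' \
        '-----END CERTIFICATE-----' > "$1/ca.crt"
}

# Demo run over the constructed samples
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for f in "$demo_dir"/*; do
    printf '%s: %s\n' "${f##*/}" "$(key_protection "$f" || true)"
done
rm -rf "$demo_dir"
```

A "plaintext" result for the CA key means anyone who can read the file can issue certificates, so the exit status (non-zero for anything not encrypted) can gate a backup or audit script.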

        jimp Rebel Alliance Developer Netgate

        You're probably better off following this for making keys/certs:

        http://doc.pfsense.org/index.php/Easyrsa_for_pfSense

          XZed

          @jimp:

          You're probably better off following this for making keys/certs:

          http://doc.pfsense.org/index.php/Easyrsa_for_pfSense

          Well, I remember having used easy-rsa for pfSense at its beginnings… but it was still in "beta"... but it seems to be right now  ;D

          So, I'll give it a try and will give feedback here  ;D !

          Just a question:

          I suppose there isn't any package to back up folders (to back up the easyrsa4pfsense folder)? Well, WinSCP will be sufficient ^^ !

          Thanks

            jimp Rebel Alliance Developer Netgate

            There is a package, it's called "Backup" and you can set it up to archive any directories you want for download.

            SCP also works.

              XZed

              @jimp:

              There is a package, it's called "Backup" and you can set it up to archive any directories you want for download.

              SCP also works.

              Thank you very much !

              Sincerely,

              XZed

                XZed

                @XZed:

                @jimp:

                You're probably better off following this for making keys/certs:

                http://doc.pfsense.org/index.php/Easyrsa_for_pfSense

                Well, I remember having used easy-rsa for pfSense at its beginnings… but it was still in "beta"... but it seems to be right now  ;D

                So, I'll give it a try and will give feedback here  ;D !

                Just a question:

                I suppose there isn't any package to back up folders (to back up the easyrsa4pfsense folder)? Well, WinSCP will be sufficient ^^ !

                Thanks

                I replied to this old post in order to give some feedback:

                Indeed, the easyrsa package is very nice! But pfSense 2.x brings many nice changes to OpenVPN management (CRL missing in 2.x?? How to do it?? Perhaps it will be corrected in the final version?)  ;D !

                Thank you
