Welcome, Guest. Please login or register.
Did you miss your activation email?
Wednesday 27 November 2024, 08:53:47 pm

Login with username, password and session length

CLICK HERE for the The official Endian Roadmap and Issue tracker
14261 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  VPN Support
| | |-+  Usage of OpenVPN with tls-aut and ns-cert-type
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Usage of OpenVPN with tls-aut and ns-cert-type  (Read 15586 times)
mrt
Full Member
***
Offline Offline

Posts: 23


« on: Thursday 22 April 2010, 05:21:03 am »

Hi,

I'm looking on the usage of the OpenVPN module in EFW 2.3 Community. Earlyer I had a ClarkConnect/ClearFondation gateway for OpenVPN to some clients, and that works perfect.
For several reason I'm now using EFW 2.3.

My little confusion is some "depart from" the official OpenVPN on theyr website. I'm thinking of configuration and usage like:
  • ns-cert-type
  • tls-auth
I was using both with certificate for optimal securety.

Below is some from my former client configurationfile and wounder how this can be made on the server side on my EFW?

# SSL/TLS parms.
# See the server config file for more
# description.  It's best to use
# a separate .crt/.key file pair
# for each client.  A single ca
# file can be used for all clients.
ca /var/etc/openvpn/keys/ca.crt
cert /var/etc/openvpn/keys/client1.crt
key /var/etc/openvpn/keys/client1.key


# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server".  This is an
# important precaution to protect against
# a potential attack discussed here:
http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server".  The build-key-server
# script in the easy-rsa folder will do this.
ns-cert-type server

# If a tls-auth key is used on the server
# then every client must also have the key.
tls-auth /var/etc/openvpn/keys/ta.key 1

Do anyone here have some similar experience from using OpenVPN?

Regards from Norway
Logged
deadmalc
Full Member
***
Offline Offline

Posts: 36


« Reply #1 on: Thursday 06 May 2010, 08:56:37 pm »

I use a similar configuration, and have configured a vpn upstream from the endian firewall to work around endian not supporting this feature in openvpn
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.078 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com