Title: Usage of OpenVPN with tls-auth and ns-cert-type
Post by: mrt on Thursday 22 April 2010, 05:21:03 am

Hi,
I'm looking at the usage of the OpenVPN module in EFW 2.3 Community. Earlier I had a ClarkConnect/ClearFoundation gateway for OpenVPN to some clients, and that worked perfectly. For several reasons I'm now using EFW 2.3. My little confusion is some "depart from" the official OpenVPN on their website. I'm thinking of configuration and usage like:

Below is some from my former client configuration file, and I wonder how this can be made on the server side on my EFW?

    # SSL/TLS parms.
    # See the server config file for more
    # description. It's best to use
    # a separate .crt/.key file pair
    # for each client. A single ca
    # file can be used for all clients.
    ca /var/etc/openvpn/keys/ca.crt
    cert /var/etc/openvpn/keys/client1.crt
    key /var/etc/openvpn/keys/client1.key

    # Verify server certificate by checking
    # that the certificate has the nsCertType
    # field set to "server". This is an
    # important precaution to protect against
    # a potential attack discussed here:
    # http://openvpn.net/howto.html#mitm
    #
    # To use this feature, you will need to generate
    # your server certificates with the nsCertType
    # field set to "server". The build-key-server
    # script in the easy-rsa folder will do this.
    ns-cert-type server

    # If a tls-auth key is used on the server
    # then every client must also have the key.
    tls-auth /var/etc/openvpn/keys/ta.key 1

Does anyone here have some similar experience from using OpenVPN?

Regards from Norway

Title: Re: Usage of OpenVPN with tls-auth and ns-cert-type
Post by: deadmalc on Thursday 06 May 2010, 08:56:37 pm

I use a similar configuration, and have configured a VPN upstream from the Endian firewall to work around Endian not supporting this feature in OpenVPN.
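
Added example, not part of either post and not Endian or OpenVPN project code: a small audit that reads an OpenVPN client file and reports whether the two protections from the quoted configuration (the server certificate type check and `tls-auth`) are actually active rather than commented out. The function names and the sample file are constructed for illustration; `remote-cert-tls server` is accepted as the newer OpenVPN equivalent of `ns-cert-type server`.

```python
import shlex

# Constructed sample input, modelled on the client file quoted in the thread.
SAMPLE_CLIENT = """\
ca /var/etc/openvpn/keys/ca.crt
cert /var/etc/openvpn/keys/client1.crt
key /var/etc/openvpn/keys/client1.key
# Verify server certificate
ns-cert-type server
tls-auth /var/etc/openvpn/keys/ta.key 1
"""

def parse_directives(text):
    """Return {directive: [args, ...]} for an OpenVPN config, ignoring comments."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":   # '#' and ';' both start a comment line
            continue
        parts = shlex.split(line, comments=True)
        if parts:
            directives.setdefault(parts[0], []).append(parts[1:])
    return directives

def audit_client(text):
    """List findings for the two hardening options discussed in the thread."""
    d = parse_directives(text)
    findings = []
    # Server certificate check: ns-cert-type (legacy) or remote-cert-tls (newer).
    checks_server = (["server"] in d.get("ns-cert-type", [])
                     or ["server"] in d.get("remote-cert-tls", []))
    if not checks_server:
        findings.append("no server certificate type check: any certificate "
                        "signed by the CA is accepted as the server")
    tls_auth = d.get("tls-auth", [])
    if not tls_auth:
        findings.append("tls-auth not set: no HMAC check on handshake packets")
    else:
        args = tls_auth[-1]               # the last occurrence is the one audited
        direction = args[1] if len(args) > 1 else None
        if direction not in (None, "1"):
            findings.append(f"tls-auth direction {direction!r} on a client; "
                            "the convention is 1 on clients and 0 on the server")
    return findings

if __name__ == "__main__":
    for finding in audit_client(SAMPLE_CLIENT) or ["ok"]:
        print(finding)
```
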