Author Topic: Use OpenVPN certificates from another OpenVPNserver ?  (Read 26252 times)
mrt
« on: Saturday 10 April 2010, 11:35:31 pm »

Hi,

Today I'm running ClarkConnect/ClearFoundation/OS 5.1 Enterprise and would like to change it to Endian Gateway, the main reason being that ClearOS has begun to charge money for IDS updates and so on.

On my ClearOS I'm running OpenVPN with 5 clients, and on the server my certificates were generated with OpenVPN (Windows) and they are in the "default" OpenVPN format: ca.key, ca.crt, server.key and server.crt.

I hope that I don't have to change the certificates on the clients.

My question is:

Is it possible to "convert/export/import" the certificates from the ClearOS OpenVPN server and let my new Endian Gateway have them? And is there a short "HowTo" or tips on how to do it, or has anyone done that before?
I see that on the Endian the certificates have a .pem extension; what is the difference?

Regards from Norway
Logged
mrkroket
« Reply #1 on: Sunday 11 April 2010, 03:24:39 am »

I was able to move the certs from one Endian to another, but I haven't tested from a 3rd-party firewall.

OpenVPN certs and config are in /var/efw/openvpn. There are more certs in /etc/openvpn/ca.
Also, if you have time, check out the internals of the openvpn start script, /usr/local/bin/restartopenvpn.py
The first lines give you all the info about certs and openvpn config.

About the .pem extension, just open your files and see if they are similar.
Logged
mrt
« Reply #2 on: Sunday 11 April 2010, 07:18:59 am »

Ok, thanks for the information. :-) It clears things up a little bit. But I'm still a little confused.

The names are "static" in some script files. If I want to generate new CA files, how could I do that in Endian? For security reasons (as described in the docs on the official OpenVPN webpage) I want to use "common name".

Like: ns-cert-type server (server is one "common name")
Also: tls-auth ////ta.key 1

This is not in the files that are generated when starting the OpenVPN server. When I create a client account, there are no "client1.pem/crt/key" files in the system, as far as I could find.

Is anyone using a "self-signed/made" cert in Endian?
Are there more docs on how OpenVPN works with certificates on an Endian GW (gateway)?

All help will be great. :-)

PS: mrkroket, do you have an example of what one of your client config files looks like?

Regards

Logged
mrt
« Reply #3 on: Monday 12 April 2010, 06:43:39 am »

Ping.....
Logged
mrkroket
« Reply #4 on: Wednesday 14 April 2010, 02:12:58 am »

Client config is like this:
client
dev tap
proto udp
remote <<<Endian Firewall IP>>>
resolv-retry infinite
nobind
persist-key
persist-tun
ca <<<Endian Firewall Certificate>>>
auth-user-pass
comp-lzo


Save it as Config.ovpn and place it in the %programfiles%\OpenVPN\config folder. You also need to place the certificate in that path.

About the static names, yes, but you can change them since they are loaded into variables. Never tested though, but simply make a backup of the restart script.

The firewall.pem certificate you can save from the web page is the one located at /var/efw/openvpn/cacert.pem
Logged
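
An added example, not written by any poster in this thread and not Endian's or OpenVPN's code: the comparison suggested in the replies (open ca.crt and cacert.pem and see whether they are similar) done by file content, since an extension such as .crt, .key or .pem does not determine the encoding. The function names are this example's own, and the sample byte strings are constructed placeholders, not real certificates or keys.

```python
import base64
import re
import ssl

# One PEM block: label in group 1, base64 body in group 2.
PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\s+(.*?)\s*-----END \1-----", re.S)

def pem_blocks(data):
    """Return [(label, der_bytes)] for every PEM block in data."""
    return [(m.group(1).decode(), base64.b64decode(m.group(2)))
            for m in PEM_BLOCK.finditer(data)]

def inspect_credential(data):
    """Classify a certificate/key file by content, not by extension."""
    labels = [label for label, _ in pem_blocks(data)]
    if labels:
        has_key = any(l.endswith("PRIVATE KEY") for l in labels)
        return {"encoding": "PEM", "labels": labels, "has_private_key": has_key}
    # Binary DER starts with an ASN.1 SEQUENCE tag (0x30); content type unknown.
    enc = "DER" if data[:1] == b"\x30" else "unknown"
    return {"encoding": enc, "labels": [], "has_private_key": None}

def first_cert_der(data):
    """DER bytes of the first certificate, whether the file is PEM or DER."""
    for label, der in pem_blocks(data):
        if label == "CERTIFICATE":
            return der
    if data[:1] == b"\x30":
        return data
    raise ValueError("no certificate found")

def same_certificate(a, b):
    """True when two files carry the same certificate, whatever their names."""
    return first_cert_der(a) == first_cert_der(b)

# Constructed sample data: NOT real certificates or keys, only bytes shaped
# like DER so the functions have something to work on.
FAKE_CERT_DER = b"\x30\x82\x01\x0a" + bytes(range(256)) + b"\x00" * 10
CACERT_PEM = ssl.DER_cert_to_PEM_cert(FAKE_CERT_DER).encode()
CA_CRT = b"Certificate:\n    Data:\n" + CACERT_PEM  # text dump before the block
BUNDLE_PEM = (CACERT_PEM + b"-----BEGIN RSA PRIVATE KEY-----\n"
              + base64.encodebytes(b"\x30\x20" + b"\x11" * 32)
              + b"-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    for name, blob in [("ca.crt", CA_CRT), ("cacert.pem", CACERT_PEM),
                       ("bundle.pem", BUNDLE_PEM), ("ca.der", FAKE_CERT_DER)]:
        print(name, inspect_credential(blob))
    print("ca.crt == cacert.pem:", same_certificate(CA_CRT, CACERT_PEM))
```

When a file reports has_private_key as True, treat it like the .key file it contains and keep it off clients and out of web-downloadable paths.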