EFW Support
Welcome,
Guest
. Please
login
or
register
.
Did you miss your
activation email?
Monday 25 November 2024, 08:41:37 am
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
Visit the Official Endian Bug tracker
HERE
14261
Posts in
4377
Topics by
6517
Members
Latest Member:
Sandro
Search:
Advanced search
EFW Support
Support
VPN Support
Use OpenVPN certificates from another OpenVPNserver ?
0 Members and 2 Guests are viewing this topic.
« previous
next »
Pages:
[
1
]
Author
Topic: Use OpenVPN certificates from another OpenVPNserver ? (Read 26434 times)
mrt
Full Member
Offline
Posts: 23
Use OpenVPN certificates from another OpenVPNserver ?
«
on:
Saturday 10 April 2010, 11:35:31 pm »
Hi,
Today I'm running ClarkConnect/ClearFondation/OS 5.1 Enterprise and would like to change it to Endian Gateway, main reason because of that the CleasOS begin to take money for IDS updates and so on.
On my ClearOS I'm running OpenVPN with 5 clients, and on the server my certificate is generated from OpenVPN (windows) and they are in "default" OpenVPN format
ca.key
and
ca.crt
and
server.key
and
server.crt
.
I hope that I don't have to change the certificates on the clients.
My questions is:
Is it possible to "convert/export/import" the certificate from the ClearOS OpenVPN server and let my new Endian Gateway have them, and a short "HowTo"/tips on how to do it or done that before ?
I see that on the Endian the Certificates has
.pem
extension, what is the difference?
Regards from Norway
Logged
mrkroket
Hero Member
Offline
Posts: 495
Re: Use OpenVPN certificates from another OpenVPNserver ?
«
Reply #1 on:
Sunday 11 April 2010, 03:24:39 am »
I was able to move the certs from one Endian to another, but I didn't tested from a 3rd party firewall.
OpenVPN certs and config is on
/var/efw/openvpn
. There are more certs on
/etc/openvpn/ca
.
Also, if you have time check out the inners of the openvpn start script,
/usr/local/bin/restartopenvpn.py
The first lines gives you all the info about certs and openvpn config.
About the .pem extension, just open your file and see if they are similar.
Logged
mrt
Full Member
Offline
Posts: 23
Re: Use OpenVPN certificates from another OpenVPNserver ?
«
Reply #2 on:
Sunday 11 April 2010, 07:18:59 am »
Ok, thanks for the information. :-) It clear it out a little bit. But still a little confused.
The names are "static" in some scriptfiles. If I want to generate new CA files, how could I do that in Endian? I want for security reason (as told in the docs @ the official OpenVPN webpage) to use "common name".
Like: ns-cert-type server (server is one "commond name")
Also: tls-auth ////ta.key 1
This is not in the files that generates when starting the OpenVPN server. When I create one client account, it is not any "client1.pem/crt/key) files in the system, as I found.
Is anyone using "selfsign/made" cert in Endian?
Is it more docs on how the OpenVPN works with certificates on an Endian GW (gateway)
All help will be great. :-)
PS:mrkroket, do you have one example on how a client configfile you have look like ?
Regards
Logged
mrt
Full Member
Offline
Posts: 23
Re: Use OpenVPN certificates from another OpenVPNserver ?
«
Reply #3 on:
Monday 12 April 2010, 06:43:39 am »
Ping.....
Logged
mrkroket
Hero Member
Offline
Posts: 495
Re: Use OpenVPN certificates from another OpenVPNserver ?
«
Reply #4 on:
Wednesday 14 April 2010, 02:12:58 am »
Client config is like that:
client
dev tap
proto udp
remote
<<<Endian Firewall IP>>>
resolv-retry infinite
nobind
persist-key
persist-tun
ca
<<<Endian Firewall Certificate>>>
auth-user-pass
comp-lzo
Save it as Config.ovpn and place it on
%programfiles%\OpenVPN\config
folder. You also need to place the certificate on that path.
About the static names, yes, but you can change it since they are loaded into variables. Never tested tough, but simply make a backup of the restart script.
The firewall.pem certificate you can save from Webpage is the one located at
/var/efw/openvpn/cacert.pem
Logged
Pages:
[
1
]
« previous
next »
Jump to:
Please select a destination:
-----------------------------
Announcements
-----------------------------
=> Project News
=> Latest News and Updates
-----------------------------
Support
-----------------------------
=> General Support
=> Installation Support
=> EFW SMTP, HTTP, SIP, FTP Proxy Support
=> VPN Support
=> Hardware Support
-----------------------------
Development
-----------------------------
=> EFW Wishlist
=> Contribute Your Customisations & Modifications
Page created in 0.078 seconds with 18 queries.
Powered by SMF 1.1 RC2
|
SMF © 2001-2005, Lewis Media
Design by
7dana.com