 
 From:  Peter Curran <lists at closeconsultants dot com>
 To:  "Lady Ath" <ladyath at hotmail dot com>, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] OpenVPN
 Date:  Wed, 26 Jan 2005 23:59:49 +0000
> I am trying to get the OpenVPN part to work, but having some problems.  I
> created a CA and server cert and pasted it in the M0n0 config - that is not
> a problem.  But I am getting mixed up when it comes to the client
> configuration.  I am using the OpenVPN GUI for Windows and set the config
> file on the PC like in the M0n0 OpenVPN example.  In the file I am supposed
> to specify the certs for the CA, the client cert and the client key.  Am I
> correct to assume that I must then get the CA cert on all the client
> machines?
>

On the client you need a CA cert (the same as the one you installed on the 
m0n0).

You need an SSL client cert issued by that CA and a matching private key.

Does that make sense to you?  If you are using windoze, then I am not sure how 
to do this, as I have only ever created certs on a 'nix box.  As you have the 
server side certs then use the same mechanism to create a client cert (just 
give the client a name is all you need).

> Also, can I specify the same port (default 5000) in the config file?  Or
> must it be 5000, the next one 5001, etc?
>
The client port is unimportant - just don't specify anything and the OS will 
assign an unused port.

Don't forget to allow incoming UDP to 5000 on the m0n0.

> Is there a way to do this without having to visit each client machine?

If you are using windoze I doubt it (unless you have SMS maybe).

> How does this tie in with Radius authentication?
>

It doesn't tie in at all - RADIUS is not used by OpenVPN.

I suggest that you take a look at some of the tutorials on the OpenVPN site.

Peter

-- 
----------------------------------------------------------------------------
Peter Curran				  Leveraging Internet Technology
Close Consultants			       for Businesses
p: +44-1225-463700			 
f: +44-1225-463705			  
e: peter at closeconsultants dot com		  
sip: peter at closeconsultants dot com 
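
The reply above says each client needs the CA cert, a client cert issued by that CA, and the matching private key. As an added example (not part of the original message or the m0n0wall project), this script uses the `openssl` CLI to issue a named client cert from a CA and then checks both conditions before the files go to a client. The CA name, file layout and function names are constructed for illustration, and the throwaway CA stands in for the one already installed on the m0n0wall.

```shell
#!/bin/sh
# Added example with constructed names; relies on the stock openssl.cnf.
set -eu
umask 077   # private keys must not be readable by other users

# make_ca DIR: self-signed test CA (stand-in for the CA pasted into the m0n0wall).
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Example-VPN-CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# issue_client DIR NAME: new private key + CSR for NAME, signed by the CA in DIR.
issue_client() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
    openssl x509 -req -in "$1/$2.csr" -days 365 \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/$2.crt" 2>/dev/null
}

# check_client CA_CERT CLIENT_CERT CLIENT_KEY
# Returns 0 and prints "ok" only if the cert chains to the CA and the key
# matches the cert; returns 1 for a wrong issuer, 2 for a wrong key.
check_client() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || {
        echo "client cert was not issued by this CA"; return 1; }
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey)
    key_pub=$(openssl pkey -in "$3" -pubout)
    [ "$cert_pub" = "$key_pub" ] || {
        echo "private key does not match client cert"; return 2; }
    echo "ok"
}

# Usage: sh issue-client.sh <client-name>   (writes into ./pki)
if [ "$#" -ge 1 ]; then
    mkdir -p pki
    [ -f pki/ca.crt ] || make_ca pki
    issue_client pki "$1"
    check_client pki/ca.crt "pki/$1.crt" "pki/$1.key"
    echo "copy to the client: pki/ca.crt pki/$1.crt pki/$1.key"
fi
```

Only `ca.crt`, the client's `.crt` and its `.key` go to the client machine; `ca.key` stays where the certs are issued.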

