[lug] Wanted: Help with OpenVPN
Siegfried Heintze
siegfried at heintze.com
Sun Mar 12 22:44:32 MST 2006
I might have figured it out:
(1) I ran clean-all
(2) I extracted ca.crt and ca.key from the zip of the original directory
easy-rsa/keys and
(3) then ran buildkey.
I tried it out from Café Sole and it worked! Why build-key does not work
with the original contents is still a mystery.
Now to learn snort....
Siegfried
-----Original Message-----
From: lug-bounces at lug.boulder.co.us [mailto:lug-bounces at lug.boulder.co.us]
On Behalf Of Kevin Fenzi
Sent: Sunday, March 12, 2006 10:09 PM
To: lug at lug.boulder.co.us
Subject: Re: [lug] Wanted: Help with OpenVPN
>>>>> "Siegfried" == Siegfried Heintze <siegfried at heintze.com> writes:
Siegfried> If I run "vars", "clean-all" (which clears the keys
Siegfried> directory) can I just "build-key client1" and expect this
Siegfried> client to be compatible with the files generated by the
Siegfried> "build ca" and "build-key-server server"? It seems like the
Siegfried> "build-key client1" would have to have the files present
Siegfried> from the previous "build-ca" and "build-key-server" command
Siegfried> so it would be specific to the server.
Humm. You should only use 'clean-all' when you want to wipe everything
out and start all over.
Once you have a CA setup and keys, you want to do just:
. vars
./build-key clientname
to make a new client keypair.
If you do a clean-all you have to start over and make a new CA, and
generate new keys for all your clients signed by that CA.
kevin
More information about the LUG
mailing list