Help/advice request please.
Charles Swiger
cswiger at mac.com
Mon Nov 16 21:55:38 UTC 2015
On Nov 16, 2015, at 1:38 PM, Dave B <g8kbvdave at gmail.com> wrote:
> Trying to figure out how to get openvpn setup, ultimately for a small number of
> traveling client machines (Linux and Windows) all owned by myself, for my own
> personal use.
>
> Is there any (in plain english) "how-to's" out there, that actually work?
Sure. Use preshared static keys, documented here:
https://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html <https://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html>
Use client certs when you're supporting dozens of different users, not one.
> In particular, in regards to creating a self-signed CA (and the other needed)
> certificates, working at the command line.
>
> I'm falling over with the (undocumented) various user input data fields.
> For example, it's taken me a full week, to find out that my country code is not
> UK, or 44, but GB!
>
> But there is no guidance as to what the other field values should (or should
> not) be. Such as region/state etc.
x.509 PKI cryptography is hard. Running your own CA is sufficient work that most
people pay good money for certs rather than doing it themselves.
Regards,
--
-Chuck
More information about the freebsd-questions
mailing list