>On Monday, January 15th, 2024 at 10:51 AM, Gert Doering <g...@greenie.muc.de>
>wrote:
> Hi,
>
> On Mon, Jan 15, 2024 at 06:25:38AM +0000, Peter Davis via Openvpn-users wrote:
>
> > Thanks again.
> > Should I run the following commands for each client?
> >
> > $ ./easyrsa gen-req <client name> nopass
> > $ ./easyrsa sign-req client <client name>
>
>
> Sounds plausible (I'm not using current easy-rsa, but that's the normal
> order of things - generate a client key+csr, sign the csr into a cert).
>
> > If so, then the above commands will generate separate keys for each client,
> > and each of those keys must be loaded into the configuration file!
>
>
> I fail to understand that sentence. There is not "the configuration file",
> as in "singular, one file". Each client has its own config file that goes
> to the client computer - and yes, this config file needs to contain (or
> reference) the key for this client.
>
> The server config file ("singular") needs to know nothing about all these
> client keys.
>
> gert
> --
> "If was one thing all people took for granted, was conviction that if you
> feed honest figures into a computer, honest figures come out. Never doubted
> it myself till I met a computer with a sense of humor."
> Robert A. Heinlein, The Moon is a Harsh Mistress
>
> Gert Doering - Munich, Germany g...@greenie.muc.de
Hi,
Yes, but shouldn't you copy the following files for each client?
# cp pki/ca.crt /etc/openvpn/client/
# cp pki/issued/client.crt /etc/openvpn/client/
# cp pki/private/client.key /etc/openvpn/client/
And create an .ovpn file for each client with the contents of the above files!
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
