-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
To generate a client certificate for a specific client name, you’re on the
right track with the commands you mentioned. Here's the step-by-step process,
including generating and signing the client's certificate, and how to associate
it with a spec
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi Bo,
cutting to the chase ..
A brief lesson in the essence of X509.
Using Easy-RSA PKI means that all certificates MUST
be signed using the CA Private Key.
Thus, to sign a "foreign request", that which has come
from an unknown source (eg: clien
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
First, thank you David, for your help.
Also, see below for how Easy-RSA can help, however you choose to
deploy your VPN.
For OpenVPN peer-fingerprint mode:
Please note, Easy-RSA 3.2.2 also has commands:
`self-sign-server` and `self-sign-client`
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Sat, 29 Mar 2025 10:41:38 +0100, Bo Berglund wrote:
> >But I am struggling to understand the concepts still.
Some help:
https://github.com/OpenVPN/easy-rsa/blob/master/doc/Intro-To-PKI.md
> >I tried the section I feel is most similar to my u
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi Bo,
Sent with Proton Mail secure email.
On Monday, 17 February 2025 at 15:28, Bo Berglund wrote:
> On the old server I have migrated over the years through easyrsa versions up
> to
> 3.1.5, which is what is now used there.
>
> Can I just cop
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi Bruce,
EasyRSA 3.0.8 is ancient.
Debian 11 is no spring chicken.
My only suggestion is that you upgrade EasyRSA to v3.2.2
Regards
Richard
Sent with Proton Mail secure email.
On Tuesday, 4 February 2025 at 06:23, Bruce Bannerman
wrote:
> H
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi,
Easy-RSA has issued its first CVE.
During the transitionary phase between OpenSSL v1.1.x and v3.x.x
a minor weakness was discovered when encrypting the CA private key.
CVE Record:
* https://www.cve.org/CVERecord?id=CVE-2024-13454
Full detail
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi Bo,
regarding EasyRSA upgrade from 315 to 321, this is recommended.
Simply install the easyrsa script into your preferred area.
Either the parent dir of your PKI or a dir in your PATH for
executable files, I use `/usr/local/sbin`.
Regarding maki
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi
On Sunday, 7 July 2024 at 23:33, Leroy Tennison via Openvpn-users
wrote:
> Was working on a remote system (a local NIC on a network not associated with
> the one I was on and the OpenVPN tun interface) with a request to change the
> local sy
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
On Monday, 17 June 2024 at 21:33, Mika Laitio wrote:
> Hi, this is my first time in this list.
>
> This may be too simple a question, but I did not find a clear answer when
> googling and reading the README.quickstart.md. All the examples I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
On Thursday, 16 May 2024 at 15:17, Gert Doering wrote:
> Hi,
>
> On Thu, May 16, 2024 at 05:05:37PM +0300, M Mikky wrote:
>
> > It
> > looks primarily like another attempt to combat the globally used OpenVPN,
> > since Microsoft has its o
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
On Thursday, 25 April 2024 at 08:51, Bruno Tréguier via Openvpn-users
wrote:
> Or am I
> totally wrong about the possible cause?
Yes, you are "totally wrong"..
The packet is dropped because no route exists for the source address.
You can
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
On Wednesday, 21 February 2024 at 14:39, Hans via Openvpn-users
wrote:
> Dear all,
>
> Last week I got a reminder, that (at least in Germany by the BSI) the
> minimum key-length has been changed to 3072 bits.
>
> And before someone is goi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
On Wednesday, 21 February 2024 at 06:59, Peter Davis via Openvpn-users
wrote:
> Hi,
> I got the following error:
>
> # sh /etc/openvpn/scripts/script-events.sh
> /etc/openvpn/scripts/script-events.sh: 6: [: ==: unexpected operator
> /etc/o
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
On Monday, January 22nd, 2024 at 11:23 PM, David Sommerseth
wrote:
> On 21/01/2024 17:34, tincantech via Openvpn-users wrote:
>
>
> > > Can I edit this file and remove the item --suppress-timestamps to possibly
> >
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
On Sunday, January 21st, 2024 at 9:17 PM, Gert Doering
wrote:
> Hi,
>
> On Sun, Jan 21, 2024 at 09:08:01PM +0100, Bo Berglund wrote:
>
> > Now I wonder if there is anything at all one can do on a server instance
> > level
> > to disable th
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Sent with Proton Mail secure email.
On Sunday, January 21st, 2024 at 8:08 PM, Bo Berglund
wrote:
> This is a discussion that started in another unrelated thread titled:
> "Two questions about key generation for clients"
> but which does not
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
On Sunday, January 21st, 2024 at 1:42 PM, Bo Berglund
wrote:
> I looked around and found this File:
>
> /lib/systemd/system/openvpn-server@.service
That is the openvpn server unit file.
> Can I edit this file and remove the item --sup
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Sent with Proton Mail secure email.
On Saturday, January 20th, 2024 at 11:05 PM, tincantech via Openvpn-users
wrote:
> Hi,
>
> On Saturday, January 20th, 2024 at 6:57 PM, Bo Berglund bo.bergl...@gmail.com
> wrote:
>
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
On Saturday, January 20th, 2024 at 6:57 PM, Bo Berglund
wrote:
> On Sat, 20 Jan 2024 18:41:17 +0100, Gert Doering g...@greenie.muc.de wrote:
>
> > > Is it possible to notify the previous user via email or SMS when another
> > > user connects
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
Sent with Proton Mail secure email.
On Monday, January 15th, 2024 at 4:40 PM, Gert Doering
wrote:
> Hi,
>
> On Mon, Jan 15, 2024 at 04:35:40PM +, Peter Davis wrote:
>
>
> > If so, why is there a directory named "client" under /etc
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
Sent with Proton Mail secure email.
On Monday, 8 January 2024 at 20:46, Antonio Quartulli wrote:
> Hi,
>
> On 08/01/2024 21:34, Hans via Openvpn-users wrote:
> > 1) how can I revoke a SINGLE client key (as this was suggested as a
> > ‘ne
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
Sent with Proton Mail secure email.
On Saturday, 6 January 2024 at 06:48, Peter Davis via Openvpn-users
wrote:
> Hello,
>
> I edited the vars file as below and created an OpenVPN server:
>
>
> export KEY_COUNTRY="US"
> export KEY_PROVINCE=
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Sent with Proton Mail secure email.
On Saturday, 6 January 2024 at 06:48, Peter Davis via Openvpn-users
wrote:
> Hello,
>
> I edited the vars file as below and created an OpenVPN server:
>
>
> export KEY_COUNTRY="US"
> export KEY_PROVINCE="CA
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
On Friday, 29 December 2023 at 20:29, Richard Couture
wrote:
> I have totally reinitialized the system with new certs created by
> easy-rsa v.3 and the results, though not successful are definitely
> better.
you are missing --keepalive fro
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
Sent with Proton Mail secure email.
On Thursday, 28 December 2023 at 04:15, Leroy Tennison via Openvpn-users
wrote:
> These are truly wild guesses but
>
All good advice.
> On Wednesday, December 27, 2023 at 09:13:21 PM CST, Richard Coutu
cal decision.
>
> HTH
> --
>
>
>
> Sent with Proton Mail secure email.
>
> On Monday, 11 December 2023 at 18:13, Hans via Openvpn-users
> wrote:
>
>
> >
> >
> >
> > >
> > > From: "Antonio Quartulli"
> >
:
>
>
>
> >
> > From: "Antonio Quartulli"
> > Date: Monday, 11 December 2023 at 12:02:33
> > To: "Jason Long" , "Tincantech via Openvpn-users"
> >
> > Subject: Re: [Openvpn-users] Reference manual for OpenVPN 2.6 PDF
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
And, as ever, check your log files.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
for the record, OpenVPN does not set $PATH when executing scripts.
It looks like you have partially fixed this with use of `/usr/bin/echo`
but not done the same for `/usr/bin/resolvectl`.
You can set your expected $PATH for the script or call
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
On Tuesday, 7 November 2023 at 05:27, Jason Long wrote:
>
> Hello,
> I added the following line to the server.conf file:
>
> push "route 172.20.0.0 255.255.255.0"
>
> Then, I restarted the OpenVPN service:
>
> # systemctl restart openvpn
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
--- Original Message ---
On Monday, November 6th, 2023 at 12:26, Jason Long wrote:
>
> Hello,
> Thank you so much for your reply.
> Some lines of my server.conf file are:
>
> push "redirect-gateway def1 bypass-dhcp"
> push "dhcp-op
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
Your DNS server is non-local and you are most likely
redirecting your gateway to the VPN.
So, DNS packets for your DNS server are set into the
tunnel and are finally dropped by the server gateway.
Openvpn has option : '--redirect-gateway bypa
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
--- Original Message ---
On Friday, October 20th, 2023 at 23:39, Bo Berglund
wrote:
> On Fri, 20 Oct 2023 22:12:18 +0200, Antonio Quartulli a...@unstable.cc wrote:
>
> > Hi,
> >
> > On 20/10/2023 21:35, Bo Berglund wrote:
> >
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
--- Original Message ---
On Friday, October 20th, 2023 at 21:17, Bo Berglund
wrote:
> On Fri, 20 Oct 2023 15:35:30 -0400, Bo Berglund bo.bergl...@gmail.com wrote:
>
> > On Thu, 19 Oct 2023 18:11:48 -0400, Bo Berglund bo.bergl...@gma
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
--- Original Message ---
On Friday, October 20th, 2023 at 00:31, Bo Berglund
wrote:
> I have done that previously using ccd commands to assign a user a specific IP
> address and then block that address in IPTABLES from reaching the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
--- Original Message ---
On Friday, October 20th, 2023 at 00:31, Bo Berglund
wrote:
> On Thu, 19 Oct 2023 22:52:12 +0000, tincantech via Openvpn-users
> openvpn-users@lists.sourceforge.net wrote:
>
> > I think I hav
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
--- Original Message ---
On Thursday, October 19th, 2023 at 23:39, tincantech via Openvpn-users
wrote:
> Hi,
>
> --- Original Message ---
> On Thursday, October 19th, 2023 at 23:11, Bo Berglund bo.bergl.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
--- Original Message ---
On Thursday, October 19th, 2023 at 23:11, Bo Berglund
wrote:
> Now I would like to add one more type, web-only:
> 4 - Client can only access the web through the server side gateway but not the
> local LAN
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
A brief and useful example:
I choose to use elliptic curve ED448.
This can be set in the `vars` file using
set_var EASYRSA_ALGO ed
set_var EASYRSA_CURVE ed448
Or by command line:
easyrsa --use-algo=ed --c
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
This may be of use;
The default user `vars` file can be created with command:
* `easyrsa make-vars > ./vars`
Redirect `./vars` to your preferred location.
R
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello OpenVPN Users,
--- Original Message ---
On Saturday, October 7th, 2023 at 14:27, tincantech via Openvpn-users
wrote:
> Note: The next release of Easy-RSA will not complain about the location
> of the vars file. Until then, y
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Sent with Proton Mail secure email.
--- Original Message ---
On Saturday, October 7th, 2023 at 07:20, Bo Berglund
wrote:
> On Fri, 06 Oct 2023 20:59:48 +0000, tincantech via Openvpn-users
> openvpn-users@lists.sourceforge.net
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Sent with Proton Mail secure email.
--- Original Message ---
On Friday, October 6th, 2023 at 21:17, Bo Berglund
wrote:
> In easyrsa2 one could enter a longer expiration than 3650 days by editing the
> vars file and changing these en
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
--- Original Message ---
On Sunday, September 3rd, 2023 at 15:06, Bruno Tréguier via Openvpn-users
wrote:
> Le 03/09/2023 à 15:23, Jason Long a écrit :
>
> > Hello,
> > As I said, I have some scenario and I want to learn more.
Tran
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Not only but also,
This HOWTO is very useful:
https://community.openvpn.net/openvpn/wiki/HOWTO
YMMV
--
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
To follow up, a very brief introduction to Easy-RSA.
Download the latest Easy-RSA:
https://github.com/OpenVPN/easy-rsa/releases/tag/v3.1.5
Unpack that to a suitable folder in your HOME folder.
Change directory to the new folder.
Create your first
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
--- Original Message ---
On Wednesday, August 16th, 2023 at 15:55, Jochen Bern
wrote:
> However, if you worked along that how-to, your CA certificate is
> indeed using the CN of "server" (not "Server", but that might be a
> liberty
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Edited for brevity:
--- Original Message ---
> On 16.08.23 12:23, Jason Long via Openvpn-users wrote:
> > I opened the ca.crt file on the client and clicked on the Details tab
> > and it showed me "CN = Server". So, I must change the "Test-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
--- Original Message ---
On Tuesday, August 15th, 2023 at 15:02, Gert Doering
wrote:
> Hi,
>
> On Tue, Aug 15, 2023 at 12:54:45PM +, Jason Long via Openvpn-users wrote:
>
> > I did a tcpdump:
> >
> > # tcpdump --interface any
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
--- Original Message ---
On Tuesday, August 15th, 2023 at 10:57, Jason Long wrote:
> Hello,
> My OpenVPN server internal network IP is "192.168.1.20" and the IP address of
> client is "192.168.1.21". Both VMs can ping each other.
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Sent with Proton Mail secure email.
--- Original Message ---
On Monday, August 14th, 2023 at 22:11, Jason Long wrote:
> On Mon, Aug 14, 2023 at 11:47 PM, tincantech
>
> > wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA256
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
--- Original Message ---
On Monday, August 14th, 2023 at 20:49, Jason Long wrote:
> On Mon, Aug 14, 2023 at 5:16 PM, tincantech
>
> > wrote:
> >
> > Hello,
> > Thank you so much for your help.
> > I take a look at
> > "https://bui
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Sent with Proton Mail secure email.
--- Original Message ---
On Monday, August 14th, 2023 at 14:13, Jason Long via Openvpn-users
wrote:
> Hello,
> To increase the security of OpenVPN, I want to use the ccd-exclusive.
--ccd-exclusiv
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
Sent with Proton Mail secure email.
--- Original Message ---
On Monday, August 14th, 2023 at 11:51, Jason Long wrote:
> Hi,
>
> On Mon, Aug 14, 2023 at 10:13:48AM +, Jason Long wrote:
>
> If someone really has such an environ
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
Sent with Proton Mail secure email.
--- Original Message ---
On Monday, August 14th, 2023 at 09:23, Jason Long via Openvpn-users
wrote:
>
> Mon Aug 14 12:52:03 2023 read UDPv4: Connection reset by peer (WSAECONNRESET)
> (fd=ec,code
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Sent with Proton Mail secure email.
--- Original Message ---
On Saturday, August 12th, 2023 at 14:52, Jason Long wrote:
> Hi,
>
> Sent with Proton Mail secure email.
>
>
> --- Original Message ---
> On Saturday, August 12t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
Sent with Proton Mail secure email.
--- Original Message ---
On Saturday, August 12th, 2023 at 07:39, Jason Long via Openvpn-users
wrote:
> Hello,
> I added "tls-crypt ta.key 0" and "data-cipher AES-256-GCM" to my Server.conf
> and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi Jason,
Can you identify the error(s) present in this routing table ?
ip r
default via 10.1.101.1 dev enp5s0
default via 10.2.110.0 dev enp7s0
10.1.101.0/24 dev enp5s0 proto kernel scope link src 10.1.101.101
10.2.110.0/24 dev enp7s0 proto kernel
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
--- Original Message ---
On Friday, July 28th, 2023 at 16:42, Niccolò Belli
wrote:
> Il 2023-07-29 18:13 tincantech ha scritto:
>
> > My analysis of your test data, reduces to the following comment:
> >
> > Personally, I do not consider
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
--- Original Message ---
On Friday, July 28th, 2023 at 14:52, Niccolò Belli
wrote:
> Il 2023-07-24 13:23 tincantech ha scritto:
>
> > If your PMTU is changing "on a daily basis" then you should probably
> > report
> > that as a fault to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
--- Original Message ---
On Monday, July 24th, 2023 at 13:39, Jason Long wrote:
> Hello,
> What is top-posting?
> I just click on "Reply all".
Please send your replies to the mailing list, unless otherwise instructed.
Try google: "What i
ssword used?
>
>
>
>
>
> On Monday, July 24, 2023 at 02:46:18 PM GMT+3:30, tincantech via
> Openvpn-users openvpn-users@lists.sourceforge.net wrote:
>
>
>
>
>
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Hi,
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
This seems to have been forgotten.
--- Original Message ---
On Thursday, July 20th, 2023 at 11:24, Niccolò Belli
wrote:
> I'm using Debian 12 Bookworm with OpenVPN 2.6.3 on the server and Arch
> Linux with OpenVPN 2.6.5 [git:makepkg/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
--- Original Message ---
On Monday, July 24th, 2023 at 11:42, Jason Long via Openvpn-users
wrote:
> Hello,
> Thank you so much for your reply.
> Your answer raised another question in my mind. Can I use the same "ca.crt",
> "server.
/tct/Downloads/crl.pem
Using:
date/time: VERIFY WARNING: depth=0, unable to get certificate CRL:
It works otherwise. OpenSSL 1.1.1f openvpn 2.7_git
BR
Sent with Proton Mail secure email.
--- Original Message ---
On Saturday, June 17th, 2023 at 14:01, tincantech via Openvpn-users
wrote
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
this is a wild stab in the dark .. but
perhaps the CRL is associated with a different CA to the --ca loaded by the
server ?
BR
Sent with Proton Mail secure email.
--- Original Message ---
On Saturday, June 17th, 2023 at 13:37, Ralf
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
--- Original Message ---
On Wednesday, March 8th, 2023 at 20:07, Bo Berglund
wrote:
> This happens on an updated easyrsa3 installation (see other thread for
> details).
>
>
> (previously
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Also,
Sent with Proton Mail secure email.
--- Original Message ---
On Wednesday, March 8th, 2023 at 16:35, tincantech via Openvpn-users
wrote:
>
>
>
>
>
> Sent with Proton Mail secure email.
>
>
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Sent with Proton Mail secure email.
--- Original Message ---
On Wednesday, March 8th, 2023 at 14:30, Bo Berglund
wrote:
> On Wed, 08 Mar 2023 01:45:40 +0000, tincantech via Openvpn-users
> openvpn-users@lists.sourceforge.net
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
--- Original Message ---
On Wednesday, March 8th, 2023 at 00:24, Bo Berglund
wrote:
> On Tue, 07 Mar 2023 11:55:34 +0100, Bo Berglund bo.bergl...@gmail.com wrote:
>
> > I have now completed my conversion of the old script to ease bui
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Sent with Proton Mail secure email.
--- Original Message ---
On Tuesday, March 7th, 2023 at 10:55, Bo Berglund wrote:
>
> I have now completed my conversion of the old script to ease building ovpn
> files
> for the clients. It han
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
--- Original Message ---
On Monday, March 6th, 2023 at 20:42, Bo Berglund wrote:
> Question:
> -
> I will call easy-rsa from within my script and I want to enter the password
> as a
> variable in the script and pass it to ea
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
Only private keys can be encrypted by openssl with a password.
Certificates are basically public keys, therefore, password
protecting them is completely pointless. EasyRSA does not
offer any form of subsequent encryption.
You can encrypt any fi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
To build private keys without passwords, either:
- easyrsa build-client-full cli-name nopass (The original method)
or
- easyrsa --nopass build-client-full cli-name (The new method)
Option --nopass can be either --nopass or --no-pass
All will rem
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
Follow-up:
https://github.com/OpenVPN/easy-rsa/issues/905
--- Original Message ---
On Sunday, March 5th, 2023 at 22:03, Bo Berglund wrote:
> On Sun, 05 Mar 2023 18:15:02 +0000, tincantech via Openvpn-users
> openvpn
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
Bo,
first, please accept my apologies for putting you through this torture.
Somebody had to test it one day, that day has come.
Second, thank you for persevering with me.
Hopefully, I have found a reasonably simple solution.
Required chang
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
please remember to copy the mailing list.
Comment below.
--- Original Message ---
On Sunday, March 5th, 2023 at 09:53, Bo Berglund wrote:
> Hi,
> I tried to figure out why the CA check failed by reading what easyrsa does
> when i
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
FTR: Simply downloading git/master/easyrsa is enough,
using say, Firefox.
And yes, you only need the files that you *have* downloaded.
I can only hope that they are in the correct place..
With fingers-crossed, I look forward to our next chapt
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
EASYRSA_TEMP_DIR is a temporary directory, which MUST exist
and you MUST have write access to it. It can be anywhere.
Also, env-vars can be specified on the command line.
eg: $ EASYRSA_TEMP_DIR="/tmp/easyrsa" easyrsa upgrade pki
Without ';' ter
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
--- Original Message ---
On Friday, March 3rd, 2023 at 17:31, Bo Berglund wrote:
> > > > The simple answer is, try it!
> > >
> > > Hmm, nothing seems to have happened:
> > > ---
> > > $ ./easyrsa upgrade pki
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
--- Original Message ---
On Friday, March 3rd, 2023 at 15:03, Bo Berglund wrote:
> On Fri, 03 Mar 2023 14:40:01 +0100, Bo Berglund bo.bergl...@gmail.com wrote:
>
> > So I have created a new "easy-rsa" dir by doing this:
> >
> > wget
hanks
Richard
--- Original Message ---
On Thursday, March 2nd, 2023 at 16:56, Bo Berglund
wrote:
> On Thu, 02 Mar 2023 14:01:24 +, tincantech via Openvpn-users
> openvpn-users@lists.sourceforge.net wrote:
>
> > --- Original Message ---
> > On Thursday, Ma
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
--- Original Message ---
On Thursday, March 2nd, 2023 at 10:12, Bo Berglund
wrote:
> I have downloaded easy-rsa3 version to my OpenVPN server for testing.
> I did so using wget on the v3.1.2/EasyRSA-3.1.2.tgz file below Releases at
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
--- Original Message ---
On Saturday, February 25th, 2023 at 21:12, Bo Berglund
wrote:
> On Thu, 23 Feb 2023 17:43:15 +0100, Bo Berglund bo.bergl...@gmail.com wrote:
>
> > Questions:
> >
> > Can I extend the expiration time of my
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
--- Original Message ---
On Friday, February 24th, 2023 at 22:11, Bo Berglund
wrote:
> On Fri, 24 Feb 2023 11:05:57 +0100, Gert Doering g...@greenie.muc.de wrote:
>
> > Hi,
> >
> > On Fri, Feb 24, 2023 at 10:58:06AM +0100, Bo Bergl
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
--- Original Message ---
On Thursday, February 23rd, 2023 at 23:20, Bo Berglund
wrote:
> I have used easy-rsa2 since I started with OpenVPN 10 years ago and I have
> made
> a script that eases the manufacture of client OVPN files
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
--- Original Message ---
On Thursday, February 23rd, 2023 at 17:34, David Sommerseth
wrote:
> On 23/02/2023 17:43, Bo Berglund wrote:
>
Note: The suggestions made by David Sommerseth above are also very useful.
> > Questions:
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
--- Original Message ---
On Thursday, February 23rd, 2023 at 15:10, Bo Berglund
wrote:
> When I first try (and fail) to connect then go in via the other server to read
> the log I find this:
>
> 217.31.190.108:63723 TLS: Initial pac
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi Steve,
if you find time then a more thorough test is easy:
Use --fix-offset=120 when building a client certificate.
eg: `easyrsa --fix-offset=120 --nopass build-client-full client01`
There is no rush but I would like to know if that works
on y
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi Steve,
Thank you for testing and feeding back.
I put quite some time into testing the various date programs;
it is good to know when the code passes real world testing.
Kind regards
Richard
Sent with Proton Mail secure email.
--- Original
06:17, tincantech via Openvpn-users
wrote:
> Hi,
>
> EasyRSA version 3.0.x 'build-x-full' does not use date.
>
> You must be using version 3.1.x
>
> Please check which version you are using.
>
> Releases are available, please try latest:
> http
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
EasyRSA version 3.0.x 'build-x-full' does not use date.
You must be using version 3.1.x
Please check which version you are using.
Releases are available, please try latest:
https://github.com/OpenVPN/easy-rsa/releases
If the problem persists
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi Ralf,
I experienced a very similar issue when testing a DCO server.
For me, the solution was to remove ALL compression settings from
the client CCD file and server conf, including what appear to be
compatible settings.
I don't understand the re
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi Leroy,
It sounds like we are, more or less, on the same page.
For me, only two points remain:
1.
> In case it matters, the server versions are OpenVPN 2.3.10/OpenSSL 1.0.2g
It matters and, after *ten* years, it is time that you understand why
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
--- Original Message ---
On Thursday, October 27th, 2022 at 5:16 AM, Leroy Tennison via Openvpn-users
wrote:
> After 10 years this happened to us, fortunately on a small VPN. In rushing
> to get service restored, I used easy-rsa's
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
Sent with Proton Mail secure email.
--- Original Message ---
On Wednesday, September 28th, 2022 at 18:18, Bo Berglund
wrote:
> On Wed, 28 Sep 2022 16:03:11 +0000, tincantech via Openvpn-users
> openvpn-users@lists.sourcefor
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi Bo,
the imminent release of Easy-RSA version 3.1.1 has tools to
manage your PKI with relative ease.
https://github.com/OpenVPN/easy-rsa
Command `show-expire` will list your entire PKI, a subset of
it or an individual certificate, at your reques
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
Sent with Proton Mail secure email.
--- Original Message ---
On Thursday, September 22nd, 2022 at 19:25, tincantech
wrote:
> --- Original Message ---
> On Thursday, September 22nd, 2022 at 15:06, Sebastian Arcus
> s.ar.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
Sent with Proton Mail secure email.
--- Original Message ---
On Thursday, September 22nd, 2022 at 15:06, Sebastian Arcus
wrote:
> I use openvpn on laptops to access the vpn server and the network behind
> it. When the laptops are co