nanog mailing list archives

Re: dns interceptors

From: Larry Brower <larry-lists () maxqe com>
Date: Sun, 14 Feb 2010 21:44:02 -0600

Randy Bush wrote:

end user to network

having probs with certs, i.e. what --outform it wants.  not finding in
docs.  tried raw, but now guessing pem.  same for client and server

server
  ca.crt
  server.crt
  server.key

client
  ca.crt
  client.crt
  client.key

and i presume i have to dump all client.crt files in the server's
../openvpn dir, but under what names?  or does it just wantonly trust
anyone under that ca?

randy

What error is getting logged?

They are just normal cert's and should be in the keys directory underopenvpn's user directory.

OpenVPN includes scripts that can make the certificates for you underthe directory easy-rsa

Current thread:

Re: dns interceptors [SEC=UNCLASSIFIED], (continued)
- - Re: dns interceptors [SEC=UNCLASSIFIED] Brandon Galbraith (Feb 12)
  - Re: dns interceptors [SEC=UNCLASSIFIED] Valdis . Kletnieks (Feb 13)
    - Re: dns interceptors [SEC=UNCLASSIFIED] Barry Shein (Feb 13)
    - Re: dns interceptors [SEC=UNCLASSIFIED] Tony Finch (Feb 15)
  - Re: dns interceptors [SEC=UNCLASSIFIED] Randy Bush (Feb 13)
    - Re: dns interceptors [SEC=UNCLASSIFIED] Jay Hennigan (Feb 13)
- Re: dns interceptors charles (Feb 14)
  - Re: dns interceptors Randy Bush (Feb 14)
- Re: dns interceptors charles (Feb 14)
  - Re: dns interceptors Randy Bush (Feb 14)
    - Re: dns interceptors Larry Brower (Feb 14)
    - Re: dns interceptors Randy Bush (Feb 14)
    - Re: dns interceptors Larry Brower (Feb 14)
    - Re: dns interceptors Scott Howard (Feb 14)
    - Re: dns interceptors Randy Bush (Feb 14)
    - Re: dns interceptors Stefan Bethke (Feb 14)
- Re: dns interceptors charles (Feb 14)