nanog mailing list archives
Re: dns interceptors
From: charles () knownelement com
Date: Mon, 15 Feb 2010 04:08:26 +0000
Yes. Easy rsa is the way to go. They are normal certs. Check the scripts if you want to roll your own openssl wrapper scripts. ------Original Message------ From: Larry Brower To: nanog () nanog org Subject: Re: dns interceptors Sent: Feb 14, 2010 7:44 PM Randy Bush wrote:
end user to network having probs with certs, i.e. what --outform it wants. not finding in docs. tried raw, but now guessing pem. same for client and server server ca.crt server.crt server.key client ca.crt client.crt client.key and i presume i have to dump all client.crt files in the server's ../openvpn dir, but under what names? or does it just wantonly trust anyone under that ca? randy
What error is getting logged? They are just normal cert's and should be in the keys directory under openvpn's user directory. OpenVPN includes scripts that can make the certificates for you under the directory easy-rsa Sent via BlackBerry from T-Mobile
Current thread:
- Re: dns interceptors, (continued)
- Re: dns interceptors charles (Feb 14)
- Re: dns interceptors Randy Bush (Feb 14)
- Re: dns interceptors charles (Feb 14)
- Re: dns interceptors Randy Bush (Feb 14)
- Re: dns interceptors Larry Brower (Feb 14)
- Re: dns interceptors Randy Bush (Feb 14)
- Re: dns interceptors Larry Brower (Feb 14)
- Re: dns interceptors Randy Bush (Feb 14)
- Re: dns interceptors Scott Howard (Feb 14)
- Re: dns interceptors Randy Bush (Feb 14)
- Re: dns interceptors charles (Feb 14)
- Re: dns interceptors Stefan Bethke (Feb 14)