Date: Mon, 16 Nov 2015 13:55:30 -0800 From: Charles Swiger <cswiger@mac.com> To: Dave B <g8kbvdave@gmail.com> Cc: FreeBSD - <freebsd-questions@freebsd.org> Subject: Re: Help/advice request please. Message-ID: <822C3CCA-C3FA-42FA-8F25-971D6D081EFC@mac.com> In-Reply-To: <564A4CE3.9663.851BBC@g8kbvdave.googlemail.com> References: <564A4CE3.9663.851BBC@g8kbvdave.googlemail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Nov 16, 2015, at 1:38 PM, Dave B <g8kbvdave@gmail.com> wrote: > Trying to figure out how to get openvpn setup, ultimately for a small = number of=20 > traveling client machines (Linux and Windows) all owned by myself, for = my own=20 > personal use. >=20 > Is there any (in plain english) "how-to's" out there, that actually = work? Sure. Use preshared static keys, documented here: = https://openvpn.net/index.php/open-source/documentation/miscellaneous/78-s= tatic-key-mini-howto.html = <https://openvpn.net/index.php/open-source/documentation/miscellaneous/78-= static-key-mini-howto.html> Use client certs when you're supporting dozens of different users, not = one. > In particular, in regards to creating a self-signed CA (and the other = needed)=20 > certificates, working at the command line. >=20 > I'm falling over with the (undocumented) various user input data = fields. > For example, it's taken me a full week, to find out that my country = code is not=20 > UK, or 44, but GB! >=20 > But there is no guidance as to what the other field values should (or = should=20 > not) be. Such as region/state etc. x.509 PKI cryptography is hard. Running your own CA is sufficient work = that most people pay good money for certs rather than doing it themselves. Regards, --=20 -Chuck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?822C3CCA-C3FA-42FA-8F25-971D6D081EFC>