From owner-freebsd-questions@FreeBSD.ORG Fri Jan 21 02:50:17 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0CDD316A4CE for ; Fri, 21 Jan 2005 02:50:17 +0000 (GMT) Received: from mail.seekingfire.com (caliban.rospa.ca [24.72.10.209]) by mx1.FreeBSD.org (Postfix) with ESMTP id D3E0E43D31 for ; Fri, 21 Jan 2005 02:50:16 +0000 (GMT) (envelope-from tillman@seekingfire.com) Received: by mail.seekingfire.com (Postfix, from userid 500) id 8F76B628; Thu, 20 Jan 2005 20:50:16 -0600 (CST) Date: Thu, 20 Jan 2005 20:50:16 -0600 From: Tillman Hodgson To: "freebsd-questions@freebsd.org" Message-ID: <20050121025016.GM85710@seekingfire.com> References: <41F064BE.8060509@metrocast.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <41F064BE.8060509@metrocast.net> X-Habeas-SWE-1: winter into spring X-Habeas-SWE-2: brightly anticipated X-Habeas-SWE-3: like Habeas SWE (tm) X-Habeas-SWE-4: Copyright 2002 Habeas (tm) X-Habeas-SWE-5: Sender Warranted Email (SWE) (tm). The sender of this X-Habeas-SWE-6: email in exchange for a license for this Habeas X-Habeas-SWE-7: warrant mark warrants that this is a Habeas Compliant X-Habeas-SWE-8: Message (HCM) and not spam. Please report use of this X-Habeas-SWE-9: mark in spam to . X-GPG-Key-ID: 828AFC7B X-GPG-Fingerprint: 5584 14BA C9EB 1524 0E68 F543 0F0A 7FBC 828A FC7B X-GPG-Key: http://www.seekingfire.com/personal/gpg_key.asc X-Urban-Legend: There is lots of hidden information in headers X-Tillman-rules: yes he does User-Agent: Mutt/1.5.6i Subject: Re: openvpn? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Jan 2005 02:50:17 -0000 On Thu, Jan 20, 2005 at 09:11:10PM -0500, Shawn wrote: > I have been attempting to get open vpn working on my freebsd 4.11 Alpha > machine. SO Far I have done the following.. > > I did the make install for /usr/ports/security/openvpn/ > > Where is uses SSL Im trying to understand the config file for > /etc/ssl/openssl.cnf After an attempted figure change I try to generate > the keys.. > > I create a master certificate authority certificate/private-key > > *openssl req -nodes -new -x509 -keyout shawng-ca.key -out shawng-ca.crt > -days 3650* I might be missing something, but why are you using openssl directly? If you just want shared keys, `openvpn --secret /path/to/where/you/want/private/key --genkey` is probably all you need to do. -T -- If you are not happy here and now, you never will be. Taisen Deshimaru