[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

[Openvpn-users] Re: Securing the OpenVPN on windows: How to? (repeated)

  • Subject: [Openvpn-users] Re: Securing the OpenVPN on windows: How to? (repeated)
  • From: Tony <kb2wjw@xxxxxxxxx>
  • Date: Wed, 05 Apr 2006 11:57:31 +0400
On Wed, 05 Apr 2006 10:24:27 +0400, Jon Bendtsen <jon.bendtsen@xxxxxxxxxx> wrote:
I use it with OpenVPN GUI and eToken. The account is non-admin one. 
eToken? is that some hardware thing that stores the certificate?
Does the GUI actually ask for a password for that thing?
Yes, works nicely for me.
Here's how I did it:
# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
ca ca.crt
cryptoapicert "THUMB:5a 74 7b 2d 58 c2 d0 9e e6 b9 8d 47 96 c0 60 c0 5a e4 2a 82"

Then an Aladdin's window pops up to ask a token's password and then the RSA key's passphraze.


  I'm trying to secure this installation and so far I see some strange
  things:
  1) "ta.key" file must be accessible for a non-admin user. Why? I
     thought this file is for openvpn.exe's use as the service. It
     should not be user-accessible, should it?

Can you suggest why I must make "ta.key" be user-accessible?
I do not like this.

Tony.


____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users