
[Openvpn-users] Win32 application: Certificate Wizard


  • Subject: [Openvpn-users] Win32 application: Certificate Wizard
  • From: Vlada Macek <tuttle@xxxxxxxxxxxxxxxx>
  • Date: Tue, 12 Oct 2004 10:33:58 +0200

Hi,

last week Mathias and I had some discussion ("OpenVPN GUI - another
feature idea") about how to make the life of our users easier. Mathias
eventually said that he doesn't wait for X509 certificate requests
from his users, but he creates the key/certificate pair on demand for
them.

I don't know whether this behavior is common among the admin audience.
I decided to use what I call The Right Way and I let my users create
(using my structured and reasonably descriptive user manual) their
requests at home.

A week ago I introduced the VPN in our small company. My boss was a
beta tester of the approach. Next day he said that it would be
feasible for our users to follow that doc and create the key/req pair
at home. Maybe I made the doc well. :-)

Last week I wrote here on the list the description of the dream wizard
software that should help the users with such setup action. My goal
was to:

    - keep the users from the strange black command line and BAT files
      calling openssl.exe,
    - have most of the DN prepared and prefilled in the wizard's
      form as the admin configured,
    - prevent, or at least warn, the users from giving data that
      are wrong at first sight,
    - advise the users in a familiar way what to do next,
    - allow dynamic dialog message customization & localization,
    - simple source code so any average admin could modify the
      behavior and recompile,
    - minimal binary size so it will be easier to download in the
      VPNKit package or carry home,
    - minimal changes to other software (OpenVPN and OpenVPN-GUI),
    - be a general GUI replacement for the 'openssl req -new' command (not
      tied to OpenVPN).

I decided that it is easy to talk and hard to code, and in the past few
days I wrote such an application. No changes to other software are
needed. The binary is 27KiB (uses libeay32.dll). Message
localization and customization are not implemented yet.

Once it has been run and has read the fairly rich INI file, the user can
be asked only for his/her name (CN) and email address, and then the
KEY/REQ/OVPN files are created for him under the name of the given CN in
the pre-set output folder. After receiving the certificate from the CA and
placing it in the folder, the user can immediately start the session named
after him. I doubt it can be made any easier (maybe automatically sending
the request...hmm:-).

Multiple users using OpenVPN-GUI would also have an easier life. The
second user just runs the wizard and undergoes the same procedure. The
wizard warns when it's about to overwrite the previous files.

Many of the features may be understood from the following URL (commented
INI file):

http://bbs.cvut.cz/~tuttle/mycert/mycert.ini

Screenshots of the two main dialogs:

http://bbs.cvut.cz/~tuttle/mycert/mycert-shot1.png
http://bbs.cvut.cz/~tuttle/mycert/mycert-shot2.png

---

The program is not free yet. I made it for my company and I wish they
would pay me for it. But my boss is a really reasonable guy and if I
receive some interest from you, I may ask him to let me free the code. I
would love to see my program spreading and found useful, but I also don't
want to needlessly annoy my boss when no one is interested.

So please let me know.

Vlada

Attachment: signature.asc
Description: OpenPGP digital signature
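
The flow described in the message (the user supplies only a name and an email address, the key and request are generated on the user's own machine, and existing files are not silently overwritten) can be sketched with the openssl command line. This is an added example, not the wizard's code, which the post does not publish; the DN prefix, the output folder, the script name and the function names are assumed sample values, and no OVPN file is written.

```shell
#!/bin/sh
# Added example: client-side key + request generation with an admin-set DN.
# DN_PREFIX and OUT_DIR are constructed sample values, not read from mycert.ini.
DN_PREFIX="${DN_PREFIX:-/C=CZ/O=Example Company/OU=VPN}"
OUT_DIR="${OUT_DIR:-./vpn-keys}"

# CN must be non-empty and limited to characters that cannot add DN fields
# ("/", "=") or path components to the file name derived from it.
valid_cn() {
    case "$1" in
        ""|*[!A-Za-z0-9\ ._-]*) return 1 ;;
    esac
    return 0
}

# Catch addresses that are wrong at first sight: one "@", a non-empty local
# part, a dot inside the domain, and no DN or path metacharacters.
valid_email() {
    case "$1" in
        *@*@*|*[!A-Za-z0-9@._+-]*) return 1 ;;
        ?*@?*.?*) return 0 ;;
    esac
    return 1
}

# make_request CN EMAIL [force]
# Returns 0 and prints the request path; 2 = bad input, 3 = would overwrite,
# 1 = openssl failed.
make_request() {
    cn=$1 email=$2 force=${3:-}
    valid_cn "$cn" && valid_email "$email" || return 2
    base="$OUT_DIR/$(printf '%s' "$cn" | tr ' ' '_')"
    if [ -z "$force" ] && { [ -e "$base.key" ] || [ -e "$base.req" ]; }; then
        echo "refusing to overwrite $base.key / $base.req" >&2
        return 3
    fi
    mkdir -p "$OUT_DIR" || return 1
    # The private key is created here, owner-readable only, and stays on this
    # machine; only the .req file goes to the CA. -nodes leaves the key
    # unencrypted so the example runs unattended; drop it to set a passphrase.
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes \
          -subj "$DN_PREFIX/CN=$cn/emailAddress=$email" \
          -keyout "$base.key" -out "$base.req" ) >&2 || return 1
    printf '%s\n' "$base.req"
}

# Usage: sh mkreq.sh "Jane Doe" jane@example.com
if [ $# -ge 2 ]; then make_request "$@"; fi
```

The CA operator can inspect a received request with `openssl req -in FILE -noout -subject -verify` before signing it.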