[OpenVPN home]	[Date Prev]	[Date Index]	[Date Next]
[OpenVPN mailing lists]	[Thread Prev]	[Thread Index]	[Thread Next]

[Openvpn-users] Re: Securing the OpenVPN on windows: How to? (repeated)

Subject: [Openvpn-users] Re: Securing the OpenVPN on windows: How to? (repeated)
From: Tony <kb2wjw@xxxxxxxxx>
Date: Wed, 05 Apr 2006 11:57:31 +0400

On Wed, 05 Apr 2006 10:24:27 +0400, Jon Bendtsen <jon.bendtsen@xxxxxxxxxx> wrote:

I use it with OpenVPN GUI and eToken. The account is non-admin one.
eToken? is that some hardware thing that stores the certificate?
Does the GUI actually ask for a password for that thing?

Yes, works nicely for me. Here's how I did it: # SSL/TLS parms. # See the server config file for more # description. It's best to use # a separate .crt/.key file pair # for each client. A single ca # file can be used for all clients. ca ca.crt cryptoapicert "THUMB:5a 74 7b 2d 58 c2 d0 9e e6 b9 8d 47 96 c0 60 c0 5a e4 2a 82"

Then an Aladdin's window pops up to ask a token's password and then the RSA key's passphraze.

  I'm trying to secure this installation and so far I see some strange
  things:
  1) "ta.key" file must be accessible for a non-admin user. Why? I
     thought this file is for openvpn.exe's use as the service. It
     should not be user-accessible, should it?

Can you suggest why I must make "ta.key" be user-accessible?
I do not like this.

Tony.


____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Warning: require_once(../../../archive_common.php) [function.require-once]: failed to open stream: No such file or directory in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2006-04/msg00073.html on line 202

Fatal error: require_once() [function.require]: Failed opening required '../../../archive_common.php' (include_path='/usr/local/lib/php') in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2006-04/msg00073.html on line 202