Re: [Openvpn-users] Re: Securing the OpenVPN on windows: How to? (repeated)

[Jon Bendtsen <jon.bendtsen@xxxxxxxxxx>]

Den onsdag 5.apr kl. 9:57 skrev Tony:

> On Wed, 05 Apr 2006 10:24:27 +0400, Jon Bendtsen  
> <jon.bendtsen@xxxxxxxxxx> wrote:
> > >   I use it with OpenVPN GUI and eToken. The account is non-admin  
> > > one.
> > eToken? is that some hardware thing that stores the certificate?
> > Does the GUI actually ask for a password for that thing?
> Yes, works nicely for me.
> Here's how I did it:
> # SSL/TLS parms.
> # See the server config file for more
> # description.  It's best to use
> # a separate .crt/.key file pair
> # for each client.  A single ca
> # file can be used for all clients.
> ca ca.crt
> cryptoapicert "THUMB:5a 74 7b 2d 58 c2 d0 9e e6 b9 8d 47 96 c0 60  
> c0 5a e4 2a 82"

aha, i used --pkcs11


> Then an Aladdin's window pops up to ask a token's password and then  
> the RSA key's passphraze.

how nice :-)


> > >   I'm trying to secure this installation and so far I see some  
> > > strange
> > >   things:
> > >   1) "ta.key" file must be accessible for a non-admin user. Why? I
> > >      thought this file is for openvpn.exe's use as the service. It
> > >      should not be user-accessible, should it?
> Can you suggest why I must make "ta.key" be user-accessible?
> I do not like this.

i'm sorry, i dont know why. But maybe it is started as that user and  
later
switch to another user







JonB

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users