|
|
Erm. One thing -- with regard to your subject line: It's not ./vars, it's ". vars", or "source vars". (You're doing this in /etc/openvpn/easy-rsa, not /etc/openvpn, right?) Also, it's not really best practice to keep your CA on the same machine as your VPN server -- if they're on the same machine, someone who cracks your VPN server can build themselves new certificates; otherwise, if someone cracks your VPN server you need to rebuild it but don't need to disqualify the certs held by the client machines. OpenVPN doesn't need access to the CA private key or the client keys to operate, just the server's own public and private key pair, the CA certificate and (if you have any revoked clients) the certificate revocation list. ______________________ OpenVPN mailing lists https://lists.sourceforge.net/lists/listinfo/openvpn-users |