|
|
... > Dave wrote: > > Interesting, it definitely does work for me, and I'm using > the stock > > openvpngui build. Pretty much, as soon an you try to > connect a simple > > dialog box pops up asking for the passphrase. I use this > on a daily > > basis. > > Does this mean I can > > 1) start the server side as a service? > > 2) use openvpn-gui to connect the > client to the server and be prompted > for a password when I try to connect > to the server? > > 3) the "password" is to access the > certificate on the client, not > a challenge from the server? ... Yes, yes, and yes. 1) starting the server side as a service doesn't involve the openvpngui (which is for the client functionality). I should qualify this statement by saying that starting as a service happens before anyone logs in, so the _servers_ key file, if encrypted with a passphrase, may give you problems since noone interactive is present to provide the passphrase. Personally I run my server on unix, but if I were to run it on NT I would probably make the key file readable only to Local System and deny everyone else. And not encrypt it. 2) yes, my openvpngui at least, prompts for the private key passphrase. Again I do this multiple times per day. I'm pretty sure the stock build behaves this way. (I did a custom build so I could enable the feature to change the passphrase from the gui, which is not turned on in the stock build.) I could send you my openvpn-gui-1.0.3.exe if you think it might help diagnose your problem. 3) Yes, the password is on the private key (not the cert, but the private key associated with the cert). It's used to decrypt the private key locally and is not transmitted in any form, encrypted, hashed or otherwise, to the server. -Dave ____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users |