|
|
Peter Barwich wrote:
Hmmm....
Not sure why you need a custom build of openvpngui. V 1.03 has a
registry setting in HKLM\SOFTWARE\OPENVPN-GUI which enables changing
passphrase from the gui (allow_password) See
http://openvpn.se/install.txt.
But there's a problem. If you enable and enter a pass phrase (must be
at least 8 digits) then, as expected, you get a dialogue box asking for
the phrase when you connect from the gui. But then, after disconnecting
from the gui, you try to connect by starting ovpn as a service
the process fails. This is because the act of enabling a pass phrase
has actually changed your key file (its header now includes the word
ENCRYTPEDDEK) and starting as a service does not throw up a passphrase
dialogue box. If then, from the gui, you try and change the passphrase,
it will not allow you to enter a blank phrase. In effect you cannot
remove the encryption from your keyfile. Thus you cannot revert to
running ovpn as a service.
The message is. Keep a copy of your working key file if you experiment
with this. You can then simply copy it back to the config directory to
restore the situation to NOT requiring a passphrase, and you can
therefore revert to using ovpn as a service should you so wish.
This is completely false. If you have an encrypted private key file
you can easily decrypt it by using the following openssl command:
`openssl rsa -in encrypted.key -out unencrypted.key`. Likewise, you
can encrypt an unencrypted key with `openssl rsa -in unencrypted.key
-des3 -out encrypted.key`. Obviously to read an encrypted key you must
provide the passphrase and to encrypt you must choose a passphrase for
the output file.
--
Josh
|
Attachment:
signature.asc
Description: OpenPGP digital signature
|