[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

[Openvpn-users] Going mad trying to figure out RSA/TLS encryption

  • Subject: [Openvpn-users] Going mad trying to figure out RSA/TLS encryption
  • From: Rupert Heesom <rupert@xxxxxxxxxxxxx>
  • Date: Fri, 18 Feb 2005 09:16:38 +0000

Hi  :-(

I'm trying to install OpenVPN between a linux server and WinXP client. 
I'm using v2 of OpenVPN cause my XP is sp2.

I've managed to get a shared key 1 - 1 tunnel working, but I want to 1-
many VPN from the linux server.  Thus I'm trying to get TLS encryption
working with all those keys, certs, etc.

I've read through multiple sets of docs multiple times, but I'm still
somewhat confused....

Using the "easy-rsa" scripts that come with the source, I've managed to
successfully run build-ca, build-inter (although I understand not
strictly necessary), and build-dh.  build-key-server doesn't seem to
like being signed.  I keep getting an error that the TXT database can't
be updated, Error 2.   

I noticed that the intermediate cert was being signed, so I tried
revoking the sig from the Intermed crt.   Suddenly using sign-req
actually worked for the main ServerCert.crt - the "TXT" database was

Having said all the above, I still don't know what I'm doing - don't
understand much of what the "signing" is about etc.

All I'm really looking for is a SIMPLE writeup of how RSA/TLS encryption
is supposed to work.  Most of the docs are in too much depth to be any
use.    All I need to know is 1) Which files to generate and how  2) 
Where each file goes - server or client  3)  How to ensure that the conf
files are specified correctly for both server and client.

I'm sure there's no simple docs lying around - they all seem to be for
written by engineers who don't know how to think simply anymore!  
Perhaps there is someone who wouldn't mind a QUICK tutorial?

In the meantime I'll muddle on and see how far I get... !

Rupert Heesom <rupert@xxxxxxxxxxxxx>

Openvpn-users mailing list