openvpn [2008/01/18 13:17]
a
openvpn [2009/06/23 09:35] (current)
193.164.137.40
Line 34: Line 34:
         % openssl dhparam -check -text -5 512     -out   dh512.pem         % openssl dhparam -check -text -5 512     -out   dh512.pem
         % openssl dhparam -check -text -5 1024  -out  dh1024.pem         % openssl dhparam -check -text -5 1024  -out  dh1024.pem
 +
 +===== authenticate OpenVPN users against a plain text file =====
 +<code bash| >
 +#/bin/sh
 +###########################################################
 +# checkpsw.sh (C) 2004 Mathias Sundman <mathias@openvpn.se>
 +#
 +# This script will authenticate OpenVPN users against
 +# a plain text file. The passfile should simply contain
 +# one row per user with the username first followed by
 +# one or more space(s) or tab(s) and then the password.
 +
 +PASSFILE="/etc/openvpn/psw-file"
 +LOG_FILE="/var/log/openvpn-password.log"
 +TIME_STAMP=`date "+%Y-%m-%d %T"`
 +
 +###########################################################
 +
 +if [ ! -r "${PASSFILE}" ]; then
 +  echo "${TIME_STAMP}: Could not open password file \"${PASSFILE}\" for reading." >> ${LOG_FILE}
 +  exit 1
 +fi
 +
 +CORRECT_PASSWORD=`awk '!/^;/&&!/^#/&&$1=="'${username}'"{print $2;exit}' ${PASSFILE}`
 +
 +if [ "${CORRECT_PASSWORD}" = "" ]; then 
 +  echo "${TIME_STAMP}: User does not exist: username=\"${username}\", password=\"${password}\"." >> ${LOG_FILE}
 +  exit 1
 +fi
 +
 +if [ "${password}" = "${CORRECT_PASSWORD}" ]; then 
 +  echo "${TIME_STAMP}: Successful authentication: username=\"${username}\"." >> ${LOG_FILE}
 +  exit 0
 +fi
 +
 +echo "${TIME_STAMP}: Incorrect password: username=\"${username}\", password=\"${password}\"." >> ${LOG_FILE}
 +exit 1
 +</code>
 +
 +
 +
 +===== OpenSSL / SSL stuff =====
 +
 +**Generate individual certs out of .pk12 cert**
 +
 +   openssl pkcs12 -nocerts -in default.p12 -out userkey.pem
 +   openssl pkcs12 -nokeys -clcerts -in default.p12 -out usercert.pem
 +   openssl pkcs12 -nokeys -cacerts -in default.p12 -out userca.pem
 +
 +
 +
 +==== change PKCS12 password using OpenSSL ====
 +
 +FIXME - **not tested!**
 +
 +   openssl pkcs12 -in old.p12 | openssl pkcs12 -export -out new.p12
 +
 +Then, you should type in:
 +  - Old import password
 +  - PEM password
 +  - PEM password again
 +  - PEM password again twice
 +  - New export password
 +
 +FIXME - alternative way
 +
 +<code>
 +#!/bin/bash
 +echo Exporting private KEY
 +openssl pkcs12 -nocerts -in $1 -out userkey.pem
 +echo Exporting public cert
 +openssl pkcs12 -nokeys -clcerts -in $1 -out usercert.pem
 +echo Exporting CA Cert
 +openssl pkcs12 -nokeys -cacerts -in $1 -out userca.pem
 +echo Creating new PKCS12 cert
 +openssl pkcs12 -export -in usercert.pem -inkey userkey.pem -certfile userca.pem -name "FOOBAR" -out $2
 +</code>
 +
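Review bot: On the `CORRECT_PASSWORD=` line the client-supplied `${username}` is spliced unquoted into the awk program text, so a username containing a double quote or other awk syntax changes the match expression instead of being compared as data; since the script already takes `username` from the environment, compare against it there: `CORRECT_PASSWORD=$(awk '!/^;/&&!/^#/&&$1==ENVIRON["username"]{print $2;exit}' "${PASSFILE}")`. The "User does not exist" and "Incorrect password" log lines also write the submitted password in clear to `${LOG_FILE}`, which turns a readable or shipped log into a credential store; drop the `password=\"${password}\"` field from both messages and log only the username and outcome. The first line `#/bin/sh` is missing the `!`, so the file has no valid interpreter line and is likely to fail when OpenVPN executes it directly; it should read `#!/bin/sh`. The plaintext password file and plain string comparison are the documented design of this sample script, so they are a deployment caveat rather than a defect in the hunk.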
openvpn.1200658650.txt.gz · Last modified: 2009/05/25 00:34 (external edit)