openvpn [2008/01/18 13:17] a |
openvpn [2009/06/23 09:35] (current) 193.164.137.40 |
||
---|---|---|---|
Line 34: | Line 34: | ||
% openssl dhparam -check -text -5 512 | % openssl dhparam -check -text -5 512 | ||
% openssl dhparam -check -text -5 1024 -out dh1024.pem | % openssl dhparam -check -text -5 1024 -out dh1024.pem | ||
+ | |||
+ | ===== authenticate OpenVPN users against a plain text file ===== | ||
+ | <code bash| > | ||
+ | #/bin/sh | ||
+ | ########################################################### | ||
+ | # checkpsw.sh (C) 2004 Mathias Sundman < | ||
+ | # | ||
+ | # This script will authenticate OpenVPN users against | ||
+ | # a plain text file. The passfile should simply contain | ||
+ | # one row per user with the username first followed by | ||
+ | # one or more space(s) or tab(s) and then the password. | ||
+ | |||
+ | PASSFILE="/ | ||
+ | LOG_FILE="/ | ||
+ | TIME_STAMP=`date " | ||
+ | |||
+ | ########################################################### | ||
+ | |||
+ | if [ ! -r " | ||
+ | echo " | ||
+ | exit 1 | ||
+ | fi | ||
+ | |||
+ | CORRECT_PASSWORD=`awk ' | ||
+ | |||
+ | if [ " | ||
+ | echo " | ||
+ | exit 1 | ||
+ | fi | ||
+ | |||
+ | if [ " | ||
+ | echo " | ||
+ | exit 0 | ||
+ | fi | ||
+ | |||
+ | echo " | ||
+ | exit 1 | ||
+ | </ | ||
+ | |||
+ | |||
+ | |||
+ | ===== OpenSSL / SSL stuff ===== | ||
+ | |||
+ | **Generate individual certs out of .pk12 cert** | ||
+ | |||
+ | | ||
+ | | ||
+ | | ||
+ | |||
+ | |||
+ | |||
+ | ==== change PKCS12 password using OpenSSL ==== | ||
+ | |||
+ | FIXME - **not tested!** | ||
+ | |||
+ | | ||
+ | |||
+ | Then, you should type in: | ||
+ | - Old import password | ||
+ | - PEM password | ||
+ | - PEM password again | ||
+ | - PEM password again twice | ||
+ | - New export password | ||
+ | |||
+ | FIXME - alternative way | ||
+ | |||
+ | < | ||
+ | #!/bin/bash | ||
+ | echo Exporting private KEY | ||
+ | openssl pkcs12 -nocerts -in $1 -out userkey.pem | ||
+ | echo Exporting public cert | ||
+ | openssl pkcs12 -nokeys -clcerts -in $1 -out usercert.pem | ||
+ | echo Exporting CA Cert | ||
+ | openssl pkcs12 -nokeys -cacerts -in $1 -out userca.pem | ||
+ | echo Creating new PKCS12 cert | ||
+ | openssl pkcs12 -export -in usercert.pem -inkey userkey.pem -certfile userca.pem -name " | ||
+ | </ | ||
+ |
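Review bot: The PKCS12 re-export script (the `#!/bin/bash` block at the end of the added text) passes `$1` unquoted and, as far as the visible lines show, never checks an exit status, so a path with spaces or a mistyped import password still lets the later `openssl pkcs12` steps run against missing or stale `userkey.pem`/`usercert.pem` files. I would add `set -eu` and `umask 077` directly after the shebang and write `-in "$1"` in the three export commands. The script also leaves `userkey.pem`, `usercert.pem` and `userca.pem` behind in the working directory; a comment telling the reader to remove them once the new bundle has been verified would help. Separately, the first line of checkpsw.sh reads `#/bin/sh` as rendered here, which is a plain comment and not a shebang; it should be `#!/bin/sh` unless the `!` was lost in extraction.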