[[openvpn]]
Trace:
Show page
AdminRecent ChangesSitemap

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
openvpn [2009/02/23 11:47]
a + change PCKS12 password 		openvpn [2009/06/23 09:35] (current)
193.164.137.40
Line 34: Line 34:
         % openssl dhparam -check -text -5 512     -out   dh512.pem         % openssl dhparam -check -text -5 512     -out   dh512.pem
         % openssl dhparam -check -text -5 1024  -out  dh1024.pem         % openssl dhparam -check -text -5 1024  -out  dh1024.pem
 +
 +===== authenticate OpenVPN users against a plain text file =====
 +<code bash| >
 +#/bin/sh
 +###########################################################
 +# checkpsw.sh (C) 2004 Mathias Sundman <mathias@openvpn.se>
 +#
 +# This script will authenticate OpenVPN users against
 +# a plain text file. The passfile should simply contain
 +# one row per user with the username first followed by
 +# one or more space(s) or tab(s) and then the password.
 +
 +PASSFILE="/etc/openvpn/psw-file"
 +LOG_FILE="/var/log/openvpn-password.log"
 +TIME_STAMP=`date "+%Y-%m-%d %T"`
 +
 +###########################################################
 +
 +if [ ! -r "${PASSFILE}" ]; then
 +  echo "${TIME_STAMP}: Could not open password file \"${PASSFILE}\" for reading." >> ${LOG_FILE}
 +  exit 1
 +fi
 +
 +CORRECT_PASSWORD=`awk '!/^;/&&!/^#/&&$1=="'${username}'"{print $2;exit}' ${PASSFILE}`
 +
 +if [ "${CORRECT_PASSWORD}" = "" ]; then 
 +  echo "${TIME_STAMP}: User does not exist: username=\"${username}\", password=\"${password}\"." >> ${LOG_FILE}
 +  exit 1
 +fi
 +
 +if [ "${password}" = "${CORRECT_PASSWORD}" ]; then 
 +  echo "${TIME_STAMP}: Successful authentication: username=\"${username}\"." >> ${LOG_FILE}
 +  exit 0
 +fi
 +
 +echo "${TIME_STAMP}: Incorrect password: username=\"${username}\", password=\"${password}\"." >> ${LOG_FILE}
 +exit 1
 +</code>
  
  
Line 44: Line 82:
    openssl pkcs12 -nokeys -clcerts -in default.p12 -out usercert.pem    openssl pkcs12 -nokeys -clcerts -in default.p12 -out usercert.pem
    openssl pkcs12 -nokeys -cacerts -in default.p12 -out userca.pem    openssl pkcs12 -nokeys -cacerts -in default.p12 -out userca.pem
 +
  
  
 ==== change PKCS12 password using OpenSSL ==== ==== change PKCS12 password using OpenSSL ====
 +
 +FIXME - **not tested!**
  
    openssl pkcs12 -in old.p12 | openssl pkcs12 -export -out new.p12    openssl pkcs12 -in old.p12 | openssl pkcs12 -export -out new.p12
Line 57: Line 98:
   - New export password   - New export password
  
 +FIXME - alternative way
 +
 +<code>
 +#!/bin/bash
 +echo Exporting private KEY
 +openssl pkcs12 -nocerts -in $1 -out userkey.pem
 +echo Exporting public cert
 +openssl pkcs12 -nokeys -clcerts -in $1 -out usercert.pem
 +echo Exporting CA Cert
 +openssl pkcs12 -nokeys -cacerts -in $1 -out userca.pem
 +echo Creating new PKCS12 cert
 +openssl pkcs12 -export -in usercert.pem -inkey userkey.pem -certfile userca.pem -name "FOOBAR" -out $2
 +</code>
  
openvpn.1235386049.txt.gz ยท Last modified: 2009/05/25 00:34 (external edit)
Show pageOld revisions
Media ManagerBack to top
CC Attribution-Share Alike 4.0 International
Driven by DokuWiki Recent changes RSS feed Valid CSS Valid XHTML 1.0 ipv6 ready