Hi. On Sat, Dec 12, 2015 at 5:23 PM, Arne Schwabe <a...@rfc2549.org> wrote: > Might not really be related to this but have looked into the work that > provides the certificates and keys via the managment console? We have > even have a contrib program that gets certificates from the Mac OS X > keychain and provides them to OpenVPN.
Thanks, but I think that should be a separate discussion. That would work for some situations, but the keychain (actually, OS X has several keychains) may not be accessible to OpenVPN; files are always accessible, even before a user is logged in. And I don't think (I'm doing this from memory, so I might be wrong) that the Keychain patch allows **all** of the encryption info to be taken from the keychain: I don't think it allows --secret, --ta, etc.