-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Sent with Proton Mail secure email. ------- Original Message ------- On Tuesday, March 7th, 2023 at 10:55, Bo Berglund <bo.bergl...@gmail.com> wrote: <snip> > > I have now completed my conversion of the old script to ease building ovpn > files > for the clients. It handles both with and without password protection. > > While doing so I saw that easyrsa3 does produce some files I don't know what > purpose they are for: > > Into dir pki/reqs the conversion moved the old *.csr files but new files > winding > up here are .req. > What are these used for? They (.csr and *.req) do not get into the OVPN files > and they are not mentioned in the OpenVPN server.conf files. > .csr means certificate signing request. .req means the same thing but is simply "request". For v3 they must be .req > > > In pki/inline/ there are a number of ClientName.inline files, what are these > used for? Are they the collection needed for the ovpn files? These are inline files, created automatically for convenience. If you are building your own inline files then you can ignore them. > > These files contain 3 of the sections I am putting into the ovpn files: > > <cert> > > .... This section contains more than the encypted cert which I use > </cert> > > <key> > > .... This is the client.key itself > </key> > > <ca> > > ... This is the ca.crt > <ca> > > > > But the ta.key file is not there, do I need to include the ta.key in my ovpn > files??? > It is now being put into a <tls-auth> section at the end of the ovpn files... > > > Note: > In my OpenVPN server.conf files I have this directive: > > tls-auth /etc/openvpn/keys/ta.key 0 # This file is secret > > It seems like such a file should not get into the ovpn files that are > distributed, right? > > Should that section be removed from the new ovpn files? > > You should know what an OpenVPN --tls-auth key is and why you need it. The reason Easy-RSA does not add that key to the inline files automatically is because it does not know of this file. Regards R -----BEGIN PGP SIGNATURE----- Version: ProtonMail wsBzBAEBCAAnBQJkB05CCRBPl5z2a5C4nRYhBAm8PURno41yecVVVU+XnPZr kLidAABsyQgAgXlqCBgNGkAiSRRKQ4/BWsFsdiwRRdYuwDae2szW6TSWId92 3o3OHTNLG76QEsuSs2W5FfR8W0Vx52r39xjZDtTIU98mButEFwu5wuQf11FN DAV6RR/9uxlNBFcEXMQ3gjhiK3XlykVsrQNZboSNVCOFAqB9UqTUyo7I65e6 nGx4w8wsUSm7ey3b+KnsuSVLsA1Pnj08aUvAtQX8tljcAvWCIak7oy3OV6iF PK3zpLcHUb2XwQpQXPu08Ef6TcuR7J5W8msS+WM5B82aQAtmuYRgI3zL5L6g 8wzbVLrkZttpfNKbjU3iP05ps0fHpK/8djJSVU2m0Xg/I0LT1PUZfQ== =oOZs -----END PGP SIGNATURE-----
publickey - tincantech@protonmail.com - 0x09BC3D44.asc
Description: application/pgp-keys
publickey - tincantech@protonmail.com - 0x09BC3D44.asc.sig
Description: PGP signature
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
