Re: [leaf-devel] 6.0.1 issue with DNAT (off-topic)

2017-01-05 Thread Erich Titl
Am 05.01.2017 um 15:53 schrieb Boris: > Hej Erich, > > Am 03.01.2017 um 19:12 schrieb Erich Titl: >> Hi Boris >> ... >> >> I for myself have decided a long time ago to use some offline tool to >> handle my certificates. It is better anyway to keep this tool away from >> the target machine. It also

Re: [leaf-devel] 6.0.1 issue with DNAT

2017-01-05 Thread Boris
Hej Erich, Am 03.01.2017 um 19:12 schrieb Erich Titl: > Hi Boris > > Am 03.01.2017 um 11:49 schrieb Boris: >> Hej all, >> >> >> I was missing those scripts, too. And as far that I remember, they are >> even not in the easyrsa-package. > > Please note that the easyrsa scripts themselves are kind

Re: [leaf-devel] 6.0.1 issue with DNAT

2017-01-04 Thread kp kirchdoerfer
Hi Joern; Am Dienstag, 3. Januar 2017, 11:32:03 schrieb Jørn Eriksen: > Hello there, > > It seams also that 6.0.x has issues with DNAT when using Shorewall. Not > sure as to all the sub-modules involved - Tom belived is was due to > issues with > xt_nat > nf_nat > nf_nat_ipv4 I've started a fres

Re: [leaf-devel] 6.0.1 issue with DNAT

2017-01-03 Thread Erich Titl
Hi Boris Am 03.01.2017 um 11:49 schrieb Boris: > Hej all, > > > I was missing those scripts, too. And as far that I remember, they are > even not in the easyrsa-package. Please note that the easyrsa scripts themselves are kind of proof of concept thingies and not intended for _real_ crucial cert

Re: [leaf-devel] 6.0.1 issue with DNAT

2017-01-03 Thread Boris
Hej Joern, I don't know why those scripts are gone. Maybe they will reappear in 6.0.2? Assumed, that you configured and sourced /etc/easyrsa/vars, you can generate a specific key file by setting the variable KEY_CN="BORIS-CN" pkitool boris KEY_CN="JOERN-CN" pkitool joern and so on. (got t

Re: [leaf-devel] 6.0.1 issue with DNAT

2017-01-03 Thread Jørn Eriksen
The build-key* scrips use pkitool but have the correct paramters so one do not need to enter the parameters manually. In older versions they used to be there, along side the build-ca and build-dh scripts... J On 03. jan. 2017 12:49, Boris wrote: > Hej all, > > > I was missing those scripts, too

Re: [leaf-devel] 6.0.1 issue with DNAT

2017-01-03 Thread Boris
Hej all, I was missing those scripts, too. And as far that I remember, they are even not in the easyrsa-package. I learned that pkitool is to be used! Boris Am 03.01.2017 um 12:09 schrieb Jørn Eriksen: > Hello again, > > The build-key-server & build-key script are usually NOT in the > openvp

Re: [leaf-devel] 6.0.1 issue with DNAT

2017-01-03 Thread Jørn Eriksen
Hello there, It seams also that 6.0.x has issues with DNAT when using Shorewall. Not sure as to all the sub-modules involved - Tom belived is was due to issues with xt_nat nf_nat nf_nat_ipv4 Futher - the openvpn.lrp package are missing the build-key-server and build-key scripts. The later file