-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Also,
Sent with Proton Mail secure email.
--- Original Message ---
On Wednesday, March 8th, 2023 at 16:35, tincantech via Openvpn-users
wrote:
>
>
>
>
>
> Sent with Proton Mail secure email.
>
>
> --- Original Message
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Sent with Proton Mail secure email.
--- Original Message ---
On Wednesday, March 8th, 2023 at 14:30, Bo Berglund
wrote:
> On Wed, 08 Mar 2023 01:45:40 +, tincantech via Openvpn-users
> openvpn-users@lists.sourceforge.net wrote:
On Wed, 08 Mar 2023 01:45:40 +, tincantech via Openvpn-users
wrote:
>Appears to be correct.
So now I have finally attacked the existing easy-rsa dir by doing this:
1) Copied the whole dir to easyrsa3 and renamed the source dir to easyrsa2
2) Removed some old script files I had written and
On Wed, 08 Mar 2023 01:45:40 +, tincantech via Openvpn-users
wrote:
>Appears to be correct.
>
>FYI, 'git' is really good too, you might give it a shot.
>
>Once again, thanks for your help .. to have come away from
>testing the upgrade so thoroughly, with only minor wounds,
>is remarkable :-)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
--- Original Message ---
On Wednesday, March 8th, 2023 at 00:24, Bo Berglund
wrote:
> On Tue, 07 Mar 2023 11:55:34 +0100, Bo Berglund bo.bergl...@gmail.com wrote:
>
> > I have now completed my conversion of the old script to ease bui
This doesn't really address the EasyRSA tool questions - but I was always
fairly frustrated with the use of EasyRSA.
I wrote some scripts to use GNUTLS to generate certs/keys.
(I'm usually on a Windows platform, so I use the Windows GNUTLS port.)
I can generate a hundred certs/keys in just a few m
On Tue, 07 Mar 2023 11:55:34 +0100, Bo Berglund wrote:
>I have now completed my conversion of the old script to ease building ovpn
>files
>for the clients. It handles both with and without password protection.
While documenting my procedure for the test upgrade on a copy of my real system
I not
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Sent with Proton Mail secure email.
--- Original Message ---
On Tuesday, March 7th, 2023 at 10:55, Bo Berglund wrote:
>
> I have now completed my conversion of the old script to ease building ovpn
> files
> for the clients. It han
On Mon, 06 Mar 2023 21:39:12 +, tincantech via Openvpn-users
wrote:
>On Monday, March 6th, 2023 at 20:42, Bo Berglund wrote:
>
>
>
>> Question:
>> -
>> I will call easy-rsa from within my script and I want to enter the password
>> as a
>> variable in the script and pass it to easy-r
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
--- Original Message ---
On Monday, March 6th, 2023 at 20:42, Bo Berglund wrote:
> Question:
> -
> I will call easy-rsa from within my script and I want to enter the password
> as a
> variable in the script and pass it to ea
On Mon, 06 Mar 2023 18:58:36 +, tincantech via Openvpn-users
wrote:
>Only private keys can be encrypted by openssl with a password.
>Certificates are basically public keys, therefore, password
>protecting them is completely pointless. EasyRSA does not
>offer any form of subsequent encryption.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
Only private keys can be encrypted by openssl with a password.
Certificates are basically public keys, therefore, password
protecting them is completely pointless. EasyRSA does not
offer any form of subsequent encryption.
You can encrypt any fi
On Mon, 06 Mar 2023 18:35:52 +0100, Bo Berglund wrote:
>TestClient3 should NOT have a password in there...
Typo:
TestClient3 *should* have a password whereas the 1 and 2 should not...
But all ask for it.
Is there awy to check if a file is password protected?
--
Bo Berglund
Developer in Swede
On Mon, 06 Mar 2023 16:31:57 +, tincantech via Openvpn-users
wrote:
>Hi,
>
>To build private keys without passwords, either:
>- easyrsa build-client-full cli-name nopass (The original method)
>or
>- easyrsa --nopass build-client-full cli-name (The new method)
>Option --nopass can be either --
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
To build private keys without passwords, either:
- easyrsa build-client-full cli-name nopass (The original method)
or
- easyrsa --nopass build-client-full cli-name (The new method)
Option --nopass can be either --nopass or --no-pass
All will rem
On Mon, 06 Mar 2023 12:55:05 +0100, Bo Berglund wrote:
>And I guess now $KEY_DIR needs to be changed to a set of different dirs
>depending on the type of file being worked on...
I ran some manual tests on the converted easyrsa3 dir and it seems like one is
not given the ability to enter client s
On Sun, 05 Mar 2023 23:29:14 +, tincantech via Openvpn-users
wrote:
>Thank you for your patience and determination!
>It has been invaluable to solving this issue.
Glad to be able to contribute some to the OpenVPN project!
I have used it since about 2012 as a way to hook up my different locat
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
Follow-up:
https://github.com/OpenVPN/easy-rsa/issues/905
--- Original Message ---
On Sunday, March 5th, 2023 at 22:03, Bo Berglund wrote:
> On Sun, 05 Mar 2023 18:15:02 +, tincantech via Openvpn-users
> openvpn-users@lists.sour
On Sun, 05 Mar 2023 18:15:02 +, tincantech via Openvpn-users
wrote:
>-BEGIN PGP SIGNED MESSAGE-
>Hash: SHA256
>
>Hi,
>Bo,
>
>first, please accept my apologies for putting you through this torture.
>Somebody had to test it one day, that day has come.
>Second, thank you for persevering
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
Bo,
first, please accept my apologies for putting you through this torture.
Somebody had to test it one day, that day has come.
Second, thank you for persevering with me.
Hopefully, I have found a reasonably simple solution.
Required chang
On Sun, 05 Mar 2023 15:26:47 +, tincantech via Openvpn-users
wrote:
>
>please remember to copy the mailing list.
Will do, I thought that you wanted it off the list until sorted...
>
>Comment below.
>
>
>--- Original Message ---
>On Sunday, March 5th, 2023 at 09:53, Bo Berglund wrot
cannot see why there is a mismatch. However, we can omit that check.
Find this code below the code you copied above:
if [ "$CA_vars_match" -eq 1 ]
then
CURRENT_CA_IS_VERIFIED="partially"
else
up23_fail_upgrade "CA certi
t...@protonmail.com
> >
> > Sent: Saturday, 4 March 2023 16:20
> > To: bo.bergl...@gmail.com; openvpn users list
> > (openvpn-users@lists.sourceforge.net) openvpn-users@lists.sourceforge.net
> >
> > Subject: RE: [Openvpn-users] Easy-rsa 3 config questio
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
EASYRSA_TEMP_DIR is a temporary directory, which MUST exist
and you MUST have write access to it. It can be anywhere.
Also, env-vars can be specified on the command line.
eg: $ EASYRSA_TEMP_DIR="/tmp/easyrsa" easyrsa upgrade pki
Without ';' ter
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
--- Original Message ---
On Friday, March 3rd, 2023 at 17:31, Bo Berglund wrote:
> > > > The simple answer is, try it!
> > >
> > > Hmm, nothing seems to have happened:
> > > ---
> > > $ ./easyrsa upgrade pki
On Fri, 03 Mar 2023 15:45:51 +, tincantech via Openvpn-users
wrote:
>> Does the upgrade read the ./keys dir and put converted data into ./pki ??
>>
>
>The upgrade is intended to create a v3 ./pki from a v2 ./keys folder.
>Certificates are copied to ./pki/issued.
>Keys are copied to ./pki/pri
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
--- Original Message ---
On Friday, March 3rd, 2023 at 15:03, Bo Berglund wrote:
> On Fri, 03 Mar 2023 14:40:01 +0100, Bo Berglund bo.bergl...@gmail.com wrote:
>
> > So I have created a new "easy-rsa" dir by doing this:
> >
> > wget
On Fri, 03 Mar 2023 14:40:01 +0100, Bo Berglund wrote:
>So I have created a new "easy-rsa" dir by doing this:
>
>wget
>https://github.com/OpenVPN/easy-rsa/releases/download/v3.1.2/EasyRSA-3.1.2.tgz
>tar -xvf EasyRSA-3.1.2.tgz
>
>This gives me a new EasyRSA-3.1. subdir in parallel with the existin
On Thu, 02 Mar 2023 18:02:08 +, tincantech via Openvpn-users
wrote:
>Hi Bo,
>
>I would be interested to know the results of using EasyRSA
>to upgrade from a version 2 PKI to version 3.
>
>It worked in all my tests but that's not really enough.
>
>As the author of the `upgrade`, I am happy to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi Bo,
I would be interested to know the results of using EasyRSA
to upgrade from a version 2 PKI to version 3.
It worked in all my tests but that's not really enough.
As the author of the `upgrade`, I am happy to help you with that.
Thanks
Richa
On Thu, 02 Mar 2023 14:01:24 +, tincantech via Openvpn-users
wrote:
>--- Original Message ---
>On Thursday, March 2nd, 2023 at 10:12, Bo Berglund
>wrote:
>
>
>> I have downloaded easy-rsa3 version to my OpenVPN server for testing.
>> I did so using wget on the v3.1.2/EasyRSA-3.1.2.t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
--- Original Message ---
On Thursday, March 2nd, 2023 at 10:12, Bo Berglund
wrote:
> I have downloaded easy-rsa3 version to my OpenVPN server for testing.
> I did so using wget on the v3.1.2/EasyRSA-3.1.2.tgz file below Releases at
>
I have downloaded easy-rsa3 version to my OpenVPN server for testing.
I did so using wget on the v3.1.2/EasyRSA-3.1.2.tgz file below Releases at
GitHub.
When I read the vars.example file I see that most of what I had to do in the
vars file before is not really needed anymore. :-)
But there are a
33 matches
Mail list logo
