OpenVPN Keys [Archive] - Screaming Electron Forums

Kernel_Killer

March 2nd, 2006, 20:00

I was wondering if anyone knew of a way to set a generic key with OpenVPN. Here is what I'm trying to accomplish. I'm using a temporary VPN for an imaged box build, have it set to when the image is dropped on a system it asks for a key number, then downloads that key set, and uses those keys until a permenant set is made. Unfortunatly, these keys are only provided local, and would much rather have a global generic key set built into the image. Is there any way in OpenVPN to set it to where multiple systems can use the same key w/o causing issues with connectivity?

oxtan

March 17th, 2006, 17:40

a bit late, but hey, if it helps ...

I think that openvpn allows multiple clients to share the same key if you uncomment the line:

;duplicate-cn

as they say: only for testing purposes.

Kernel_Killer

March 17th, 2006, 23:08

Yeah, I think that's what I ended up doing, but thanks for the follow-up. Good for future ref.

djrush

March 23rd, 2006, 09:16

I just joined in this forum, and I have a question on generating keys..

When I build the server key using command : build-key-server server

I keep getting the following error:

Error opening CA private key "C:\Program Files\OpenVPN\easy-rsa\keys"/ca.key
2648:error:0200107B:system library:fopen:Unknown error:.\crypto\bio\bss_file.c:278:fopen('"C:\Program Files\OpenVPN\easy-rsa\keys"/ca.key','rb')
2648:error:20074002:BIO routines:FILE_CTRL:system lib:.\crypto\bio\bss_file.c:280:
unable to load CA private key
Could Not Find C:\Program Files\OpenVPN\easy-rsa\keys\*.old

I've even set the paths using these statements in the batch file:

set KEY_DIR="C:\Program Files\OpenVPN\easy-rsa\keys"
set KEY_CONFIG="C:\Program Files\OpenVPN\easy-rsa\openssl.cnf"

Am I forgetting something?

Strog

March 23rd, 2006, 10:22

This really should be a new thread since it's a new discussion about OpenVPN but here we go anyway. :icon_smil

Edit C:\Program Files\OpenVPN\easy-rsa\vars.bat and fill in all the values for your certs. Run init-config, vars, clean-all and build-ca before you run your build-key-server.

Here's (http://www.itsatechworld.com/2006/01/29/how-to-configure-openvpn/) a link to a howto with windows generating the keys.

While this isn't a Windows forum, many of us around here do deal with it to varying degree and will answer a question about it if it's somewhat relavant. Welcome to SE for all your BSD needs. :wink:

Kernel_Killer

March 26th, 2006, 06:04

Make sure in Windows that you set your keys and certs Directories are set with double slashes.

C:\\OpenVPN Keys\\Client\\ca.crt