Re: OpenVPN Questions



Ryan Skadberg wrote:

Hi Ryan.

> 1) How do I debug?  I can't seem to find any logs to use.

Start the NetworkManager on a root console with --nodaemon. This will
give plenty of output. There is also some information in your syslog,
but especially the OpenVPN output will not be in the syslog. The coming
version will use the syslog option of OpenVPN for easier debugging.

> 2) Just to make sure I have things set up correct, I got the following
> files from my IT guys:
>  * ca.crt
>  * skadz.conf
>  * skadz.crt
>  * skadz.key
> So, I think they would match up with the configuration like this:

I assume that your machine is named skadz. Then you need:
* CA file, which is named ca.crt. This is used to sign all keys and on
your client side to verify that the server presented a valid certificate
to you.
* skadz.crt, skadz.key: This is your public/private key pair. Ideally
you would create the key file on your machine, from that create a
certificate signing request, give that to the IT department and they will
send you the certificate back. Thus the private part would remain private
to you. Often, for convenience (and since it is to be used for company
stuff only anyway) and because the scripts that come with OpenVPN foster
that way, this process is done by the IT department.
* skadz.conf: Note that the OpenVPN-plug-in does _not_ read
OpenVPN-config files but rather uses some special ini files that contain
the information needed. I will put up some documentation on this with
next check-in. The reason why I did this is mainly that this was the
easiest way to go without creating a new parser. Does anyone think there
is an urgent need to be able to parse the real OpenVPN config files? One
pro I can think of is that the IT department would not need to create
special NM config files.


> CA File: ca.crt
> Certificate: skadz.crt
> Key: skadz.key
> 
> Correct?

Yes.

> 3) When the password dialog pops up, it asks for both a password and a
> group password.  I don't seem to have a group password, do I need one?

No, that dialog is meaningless. Just enter something in both entry
fields for now. This dialog will go away with the next version. I just
kept it there since I will recycle it for the password-only mode and I
wanted to get it out to get feedback.

> I think those are the questions for now, probably will have more as I go
> here.

Just let me know.

	Tim


-- 
    Tim Niemueller <tim niemueller de>      www.niemueller.de
=================================================================
 Imagination is more important than knowledge. (Albert Einstein)
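
The key handling described in the reply above (key created on the client, only the certificate signing request handed to IT, then ca.crt, skadz.crt and skadz.key checked against each other), as an added example that is not part of the original message. It assumes the openssl command-line tool is installed; the demo CA is a constructed stand-in for the IT department's CA and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. The CA here is a throwaway stand-in for the IT department's CA;
# all function names are hypothetical. Requires the openssl command-line tool.
set -eu

make_demo_ca() {        # $1 = directory; constructed CA, valid for one day
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

make_key_and_csr() {    # client side: $1 = directory, $2 = machine name
    # The private key is created here and never leaves this directory.
    ( umask 077 && openssl genrsa -out "$1/$2.key" 2048 2>/dev/null )
    openssl req -new -key "$1/$2.key" -subj "/CN=$2" -out "$1/$2.csr"
}

ca_sign() {             # IT side: only ever sees the .csr, returns the .crt
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/$2.crt" 2>/dev/null
}

check_bundle() {        # $1 = CA file, $2 = certificate, $3 = key
    # 1) the certificate must chain to the CA file
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || return 1
    # 2) the certificate's public key must be the one derived from the key file
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$3" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

demo() {
    d=$(mktemp -d)
    make_demo_ca "$d"
    make_key_and_csr "$d" skadz
    ca_sign "$d" skadz
    if check_bundle "$d/ca.crt" "$d/skadz.crt" "$d/skadz.key"; then
        echo "ca.crt, skadz.crt and skadz.key belong together"
    fi
    rm -rf "$d"
}
demo
```

check_bundle can be run on its own against the three files received from IT before entering them in the VPN configuration.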



