[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Missing easy-rsa package


* Reinis Ivanovs <dabas@untu.ms> [2014-12-20 13:47:26 CET]:
> The Debian Wiki guide I linked to doesn't work without easy-rsa, and
> basically every guide I've seen for configuring openvpn with TLS relies on
> easy-rsa,

 While easy-rsa is a nice script to create your CA infrastructure, it is
in no way required and doesn't mean openvpn is "not fully usable"
without it.  That's a big exaggeration.  openvpn in itself is the only
thing needed to create certificates, and while easy-rsa eases the
process (hence its name), it isn't crucial, and especially, not the only
thing available for doing that job.

 That the guides does use it is neither surprising, given that it was
bundled with openvpn before.  It just means that they haven't been
updated since the decoupling.

> Moreover, following strict security practices isn't always necessary,
> so I'm not sure why it needed to be brought up. I'm not setting up
> openvpn for an organization, just for myself and a quick test, so it's
> not relevant where the CA is.

 Please be adviced to also apply proper practices when "not setting up
openvpn for an organization", because that way you will always apply
them and don't have to think about what steps to take when you consider
it necessary.  It's a better default to follow. :)

Fühlst du dich mutlos, fass endlich Mut, los      |
Fühlst du dich hilflos, geh raus und hilf, los    | Wir sind Helden
Fühlst du dich machtlos, geh raus und mach, los   | 23.55: Alles auf Anfang
Fühlst du dich haltlos, such Halt und lass los    |

Reply to: