Re: Debian Full Distro v Debian 'Stripped Down' for firewall?
- To: Arnt Karlsen <arnt@c2i.net>
- Cc: debian-firewall@lists.debian.org
- Subject: Re: Debian Full Distro v Debian 'Stripped Down' for firewall?
- From: Jean-Michel Hiver <hiver.j@wanadoo.fr>
- Date: Thu, 10 Mar 2005 23:24:58 +0400
- Message-id: <42309F0A.5030302@wanadoo.fr>
- Reply-to: jhiver@ykoz.net
- In-reply-to: <20050118130308.40a6635c.arnt@c2i.net>
- References: <20050117111054.GA3126@sungate.co.uk> <20050117134727.X17695@nirmala.opentrend.net> <20050117141913.GB3126@sungate.co.uk> <1106039078.4682.7.camel@kaa.mb.loc> <20050118130308.40a6635c.arnt@c2i.net>
> ..is openvpn as easy on windroids as pptp? (Some use it as isp's
> "internet access authorisation", to minimize support costs.)
It can be.
http://openvpn.se/files/howto/openvpn-howto_roll_your_own_installation_package.html
What I do is the following:
=> I have all my OpenVPN keys on a 'secure' server. I store all my keys
there.
.
./00_Certificate
./00_Certificate/openvpn-server.crt
./00_Certificate/openvpn-server.csr
./00_Certificate/openvpn-server.key
./00_Certificate/openvpn-yota.crt
./00_Certificate/openvpn-yota.csr
./00_Certificate/openvpn-yota.key
./00_Certificate/openvpn-papou.crt
./00_Certificate/openvpn-papou.csr
./00_Certificate/openvpn-papou.key
./00_Certificate/openvpn-ca.crt
./00_Certificate/openvpn-ca.key
./00_Certificate/dh1024.pem
./00_Certificate/openvpn-ravcabri.crt
./00_Certificate/openvpn-ravcabri.csr
./00_Certificate/openvpn-ravcabri.key
./00_Certificate/openvpn-drinette.crt
./00_Certificate/openvpn-drinette.csr
./00_Certificate/openvpn-drinette.key
./00_Certificate/openvpn-ubuntu.crt
./00_Certificate/openvpn-ubuntu.csr
./00_Certificate/openvpn-ubuntu.key
./00_Certificate/openvpn-mane.crt
./00_Certificate/openvpn-mane.csr
./00_Certificate/openvpn-mane.key
- I have installed the nullsoft installer package that is up for
download on the link above but *not on the server*, on the local machine.
- I have a perl script which ssh on the secure servers, creates
certificates for the new host, copies them locally, writes host-specific
config files using a configuration template, and then launches nullsoft
NSIS using wine. If you're interested I'll mail it to you privately,
*but* it's in a 'there is no documentation, it works for me' state.
So I can do build.pl <new_hostname> and whamo! I get a nice 'n fresh
windows installer that sets up a windows box to connect on my own VPN.
All you need to do is launch the installer, then go through the windows
next... next... i agree... next... continue... next... next... routine.
And then double-click on some network icon conveniently located in the
task bar.
It took me about a day to get this working and I was starting from
scratch (didn't know much about OpenVPN...)
Cheers,
Jean-Michel.
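
The staging step of a build like the one described above, as an added example: this is not Jean-Michel's build.pl (which is not shown in the post), and it is written in Python rather than Perl. The template contents, `vpn.example.org`, the `.ovpn` output name and the function names are assumptions; only the `openvpn-<name>.{crt,key}` naming comes from the listing.

```python
import os
import re
from pathlib import Path
from string import Template

# Constructed client template; the server name and port are placeholders.
CLIENT_TEMPLATE = Template("""\
client
dev tun
proto udp
remote $server 1194
nobind
persist-key
persist-tun
ca openvpn-ca.crt
cert openvpn-$host.crt
key openvpn-$host.key
""")

# Lower-case label only: the name is assumed to end up in file paths and in
# the command run over ssh on the key server.
HOST_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,30}[a-z0-9])?")
# With the openvpn-<name>.key naming scheme these names would select the
# CA's or the server's private key instead of a client key.
RESERVED = {"ca", "server"}


def validate_host(host):
    if not HOST_RE.fullmatch(host) or host in RESERVED:
        raise ValueError(f"refusing host name {host!r}")
    return host


def build_bundle(host, store, out_dir, server="vpn.example.org"):
    """Stage the files for one client's installer; return the staged names."""
    host = validate_host(host)
    store, out_dir = Path(store), Path(out_dir)
    out_dir.mkdir(mode=0o700, parents=True, exist_ok=True)
    # Explicit allow-list: CA certificate plus this client's cert and key only.
    for name in ("openvpn-ca.crt", f"openvpn-{host}.crt", f"openvpn-{host}.key"):
        mode = 0o600 if name.endswith(".key") else 0o644
        fd = os.open(out_dir / name, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
        with os.fdopen(fd, "wb") as dst:
            dst.write((store / name).read_bytes())
        os.chmod(out_dir / name, mode)  # also fixes a pre-existing file
    config = CLIENT_TEMPLATE.substitute(server=server, host=host)
    (out_dir / f"{host}.ovpn").write_text(config)
    return sorted(p.name for p in out_dir.iterdir())
```

The returned list is what would be handed to the installer build, so `openvpn-ca.key` and other clients' keys never leave the key store.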