[122460] in North American Network Operators' Group
Re: dns interceptors
daemon@ATHENA.MIT.EDU (Larry Brower)
Sun Feb 14 22:44:46 2010
Date: Sun, 14 Feb 2010 21:44:02 -0600
From: Larry Brower <larry-lists@maxqe.com>
To: nanog@nanog.org
In-Reply-To: <m24olj18j2.wl%randy@psg.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Randy Bush wrote:
> end user to network
>
> having probs with certs, i.e. what --outform it wants. not finding in
> docs. tried raw, but now guessing pem. same for client and server
>
> server
> ca.crt
> server.crt
> server.key
>
> client
> ca.crt
> client.crt
> client.key
>
> and i presume i have to dump all client.crt files in the server's
> ../openvpn dir, but under what names? or does it just wantonly trust
> anyone under that ca?
>
> randy
>
>
What error is getting logged?
They are just normal cert's and should be in the keys directory under
openvpn's user directory.
OpenVPN includes scripts that can make the certificates for you under
the directory easy-rsa
