New here, certificates question

Scripts to manage certificates or generate config files

Moderators: TinCanTech

GRIFFCOMM
OpenVpn Newbie
Posts: 4
Joined: Sun Nov 25, 2018 6:35 am

New here, certificates question

Post by GRIFFCOMM » Sun Nov 25, 2018 6:45 am

Hi, I am not new to VPN; I am, however, new to OpenVPN. I have played with the Windows PC server and a QNAP NAS running QVPN server, both running as OpenVPN servers; however, my question is this.

I have an appliance (phone) that supports OpenVPN, but it is asking for 3 certificates. How do I get these certificates from the Windows Server or QNAP appliance running OpenVPN? (The OpenVPN system only seems to download 1 certificate.)

Certificates needed are:
- OpenVPN® CA
- OpenVPN® certificate
- OpenVPN® Client Key


Image of the client device asking for them:
Image

Sop_1000
OpenVpn Newbie
Posts: 10
Joined: Wed Dec 19, 2018 3:29 pm

Re: New here, certificates question

Post by Sop_1000 » Wed Dec 19, 2018 3:47 pm

You need to painfully generate them following this painful guide, keep in mind your certs won't be valid for a few hours after you generate them.

https://community.openvpn.net/openvpn/w ... dows_Guide

GRIFFCOMM
OpenVpn Newbie
Posts: 4
Joined: Sun Nov 25, 2018 6:35 am

Re: New here, certificates question

Post by GRIFFCOMM » Wed Dec 19, 2018 3:55 pm

Hi, thanks. I have the manufacturer looking at this as well; they seem to be saying the username / password should work. I am not sure it does, so they are working on it as well.

Sop_1000
OpenVpn Newbie
Posts: 10
Joined: Wed Dec 19, 2018 3:29 pm

Re: New here, certificates question

Post by Sop_1000 » Wed Dec 19, 2018 4:03 pm

CA should be the same as the server; CRT and KEY are client-specific and should be generated from the OpenVPN server installation. Also, that client doesn't ask for a ta.key, which I think is needed for TLS, so you should probably disable that on the server, somehow. Also make sure the cipher method matches the server; AES-256 is the standard. Not sure about username; the Windows client never asks for user input on that, just the password, and the password is "stamped" on the client certificate.
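
An added example, not part of any post in this thread: assuming the single file the server exports is a unified OpenVPN profile with inline `<ca>`, `<cert>` and `<key>` blocks (an assumption; the thread does not say what the download contains), this Python script writes the three files the phone asks for and reports whether the profile also carries a `tls-auth`/`tls-crypt` static key and which cipher it sets. The sample profile, hostname and output file names are constructed.

```python
import os
import re
import tempfile

# Constructed sample profile; block bodies are placeholders, not real key material.
SAMPLE_PROFILE = """\
client
remote vpn.example.test 1194 udp
cipher AES-256-CBC
<ca>
(constructed CA certificate PEM)
</ca>
<cert>
(constructed client certificate PEM)
</cert>
<key>
(constructed client private key PEM)
</key>
<tls-auth>
(constructed static key)
</tls-auth>
"""

INLINE = re.compile(r"^<(?P<tag>[a-z0-9-]+)>[ \t]*\n(?P<body>.*?)\n</(?P=tag)>[ \t]*$", re.M | re.S)
OUTPUT_NAMES = {"ca": "ca.crt", "cert": "client.crt", "key": "client.key"}  # assumed names

def split_profile(text, out_dir):
    """Write the inline ca/cert/key blocks to files; report static key and cipher."""
    blocks = {m["tag"]: m["body"].strip() + "\n" for m in INLINE.finditer(text)}
    missing = [tag for tag in OUTPUT_NAMES if tag not in blocks]
    if missing:
        raise ValueError("no inline block for: " + ", ".join(missing))
    for tag, name in OUTPUT_NAMES.items():
        # Create the private key owner-only (0600); the certificates are public.
        mode = 0o600 if tag == "key" else 0o644
        fd = os.open(os.path.join(out_dir, name), os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
        with os.fdopen(fd, "w") as fh:
            fh.write(blocks[tag])
    cipher = re.search(r"^cipher[ \t]+(\S+)", text, re.M)
    return {
        "written": sorted(OUTPUT_NAMES.values()),
        # A tls-auth or tls-crypt block means the server also expects a static key.
        "static_key": next((t for t in ("tls-auth", "tls-crypt") if t in blocks), None),
        "cipher": cipher.group(1) if cipher else None,
    }

if __name__ == "__main__":
    print(split_profile(SAMPLE_PROFILE, tempfile.mkdtemp()))
```

A non-empty `static_key` in the result means the server side is configured for a key the phone's form has no field for, which is the mismatch the post above points at.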

GRIFFCOMM
OpenVpn Newbie
Posts: 4
Joined: Sun Nov 25, 2018 6:35 am

Re: New here, certificates question

Post by GRIFFCOMM » Wed Dec 19, 2018 4:16 pm

Thanks, I have a new firewall (Watchguard) appearing in about a week; I will be investigating this a lot more then. They support OpenVPN also; I've not looked at it since first trying all this. The Windows PCs work fine; it's this device (phone) that's creating an issue.

Sop_1000
OpenVpn Newbie
Posts: 10
Joined: Wed Dec 19, 2018 3:29 pm

Re: New here, certificates question

Post by Sop_1000 » Wed Dec 19, 2018 4:22 pm

Oh no, I hate Watchguard, mainly because of the licensing thing: you basically can't have a proper firewall without 10 licences, one for each thing. You're gonna have to get a VPN license for that to work. I might not be 100% correct on this though.

GRIFFCOMM
OpenVpn Newbie
Posts: 4
Joined: Sun Nov 25, 2018 6:35 am

Re: New here, certificates question

Post by GRIFFCOMM » Wed Dec 19, 2018 4:39 pm

We are a Watchguard reseller. You don't need licenses; the firewall is free. To be warrantied you need a "license"; however, the VPN is free on them (up to a certain amount).

They do, however, have "services" you pay for, which we never sell. When the "license" for the unit expires, it continues to work as a firewall WITH the built-in VPN it came with; you can't, however, upgrade the firmware once the support stops. It will work indefinitely as a firewall with the base VPN (SSL / site to site etc...); sure, if you want LOADS of SSL and site to site then you need to pay for it...
