OpenVPN Support Forum

Community Support Forum
https://forums.openvpn.net/

Need help with a unified config file

https://forums.openvpn.net/viewtopic.php?t=13024

Page 1 of 1

Need help with a unified config file

Posted: Thu May 30, 2013 2:00 pm
by alfa147x
Could someone look over this config file and verify that my config file is correct?

Thanks!


Where you see * is where I've removed content.

Code: Select all

client
dev tun
proto tcp
remote * 443 
resolv-retry infinite
nobind
persist-key
persist-tun
cipher BF-CBC
keysize 512
comp-lzo
verb 4
mute 5
tun-mtu 1500
mssfix 1450
auth-user-pass
reneg-sec 0

<ca>
-----BEGIN CERTIFICATE-----
*
-----END CERTIFICATE-----
</ca>

<cert>
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: ****************************
        Validity
            Not Before: ****************************
            Not After : ****************************
        Subject: ****************************
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    **:**:**:**:**:**:**:**:**:**:**:**:**:**:**:
                    **:**:**:**:**:**:**:**:**:**:**:**:**:**:**:
                    **:**:**:**:**:**:**:**:**:**:**:**:**:**:**:
                    **:**:**:**:**:**:**:**:**:**:**:**:**:**:**:
                    **:**:**:**:**:**:**:**:**:**:**:**:**:**:**:
                    **:**:**:**:**:**:**:**:**:**:**:**:**:**:**:
                    **:**:**:**:**:**:**:**:**:**:**:**:**:**:**:
                    **:**:**:**:**:**:**:**:**:**:**:**:**:**:**:
                    **:**:**:**:**:**:**:**:**:**:**:**:**:**:**:
                    **:**:**:**:**:**:**:**:**:**:**:**:**:**:**:
                    **:**:**:**:**:**:**:**:**:**:**:**:**:**:**:
                    **:**:**:**:**:**:**:**:**:**:**:**:**:**:**:
                    **:**:**:**:**:**:**:**:**:**:**:**:**:**:**:
                    **:**:**:**:**:**:**:**:**:**:**:**:**:**:**:
                    **:**:**:**:**:**:**:**:**:**:**:**:**:**:**:
                    **:**:**:**:**:**:**:**:**:**:**:**:**:**:**:
                    **:**:**:**:**:**:**:**:**:**:**:**:**:**:**:
                    **:**
                Exponent: ***** (0x*****)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                Easy-RSA Generated Certificate
            X509v3 Subject Key Identifier: 
                *
            X509v3 Authority Key Identifier: 
                keyid:*
                DirName:*
                serial:*

            X509v3 Extended Key Usage: 
                TLS Web Client Authentication
            X509v3 Key Usage: 
                Digital Signature
    Signature Algorithm: sha1WithRSAEncryption
       *
-----BEGIN CERTIFICATE-----
*
-----END CERTIFICATE-----

</cert>

<key>
-----BEGIN RSA PRIVATE KEY-----
*
-----END RSA PRIVATE KEY-----
</key>

;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

Re: Need help with a unified config file

Posted: Thu May 30, 2013 2:17 pm
by alfa147x
I just tried this with no luck:

Code: Select all

client
dev tun
proto tcp
remote * 443 
resolv-retry infinite
nobind
persist-key
persist-tun
cipher BF-CBC
keysize 512
comp-lzo
verb 4
mute 5
tun-mtu 1500
mssfix 1450
auth-user-pass
reneg-sec 0

<ca>
-----BEGIN CERTIFICATE-----
*
-----END CERTIFICATE-----
</ca>

<cert>
-----BEGIN CERTIFICATE-----
*
-----END CERTIFICATE-----

</cert>

<key>
-----BEGIN RSA PRIVATE KEY-----
*
-----END RSA PRIVATE KEY-----
</key>

Re: Need help with a unified config file

Posted: Fri May 31, 2013 11:33 am
by lolex
Could you post the details of your CA in the same way as you posted the certificate in your first message?

Re: Need help with a unified config file

Posted: Fri May 31, 2013 2:38 pm
by alfa147x
lolex wrote:Could you post the details of your CA in the same way as you posted the certificate in your first message?
Thanks for the help. All my Ca.crt has in it is:

Code: Select all

-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIJANJevG4eanbDMA0GCSqGSIb3DQEBBQUAMIGwMQswCQYD
****************************************************************
A1UEChMScHJvWFBOIERpcmVjdCwgTExDMRMwEQYDVQQLEwpwcm94cG4uY29tMRMw
****************************************************************
hvcNAQkBFhJzdXBwb3J0QHByb3hwbi5jb20wHhcNMTAwNjA4MTQ0NDExWhcNMjAw
****************************************************************
EwxTYW5GcmFuY2lzY28xGzAZBgNVBAoTEnByb1hQTiBEaXJlY3QsIExMQzETMBEG
A1UECxMKcHJveHBuLmNvbTETMBEGA1UEAxMKcHJveHBuLmNvbTETMBEGA1UEKRMK
cHJveHBuLmNvbTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBwcm94cG4uY29tMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAug1oqmSJ6pL4p2B9vr0dx9UM
FihYyJQAG466plFbotHXQwW09s9Tn2qDxaJobCb7uX5d6ax/4ZzAipqBTxDncO05
****************************************************************
5O9GbygT8BpAmFHMy/x9rGgnbQQxoDx/Lb16nCHvZouuQ1m8Vw7knygRe/nLLlzx
yM/wHViLqZiQB3pNlOPyBPLZa7RjNMtsl7LFw+ah9y8Mdfvtc8q5C5z78mgRDTyF
Ild90i/7CbZjcZLGDz7G7pKSxeiAOD4OkHRQA6/OzhVRGaFEsyZH4HuGGrLtXwID
AQABo4IBGTCCARUwHQYDVR0OBBYEFKvNJBpQvaxDdI1exwLB7dJayPrjMIHlBgNV
****************************************************************
EwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEbMBkGA1UE
ChMScHJvWFBOIERpcmVjdCwgTExDMRMwEQYDVQQLEwpwcm94cG4uY29tMRMwEQYD
****************************************************************
AQkBFhJzdXBwb3J0QHByb3hwbi5jb22CCQDSXrxuHmp2wzAMBgNVHRMEBTADAQH/
MA0GCSqGSIb3DQEBBQUAA4IBAQAve0ODYMpPYaKapzivsX8Tr0tp3HIosichqVzs
d1y29ZT1bEqYGAoNOVWcz6nXYP/MDwpU1MJ4EZn5HUX2SPiDOPThqgdfc9KvUc91
****************************************************************
Jjci03/CrFTDT90GFQr+s2aszrxJu2YaKB69XF66x7zwYYYHipJ/THiqBZFwMl4t
****************************************************************
iMWIdmaw17lrIb22Pws7PWTY44RPDBHhZXUU6/ljNJ9qgVgf
-----END CERTIFICATE-----

Re: Need help with a unified config file

Posted: Fri May 31, 2013 3:39 pm
by lolex
Hello,

could you post it in a human readable form? Just like in your first message:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha1WithRSAEncryption
.....

Re: Need help with a unified config file

Posted: Fri May 31, 2013 5:35 pm
by alfa147x
lolex wrote:Hello,

could you post it in a human readable form? Just like in your first message:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha1WithRSAEncryption
.....
Oh. Unfortunately my CA file does not contain anything like that. I posted exactly what my CA file had except for the portions I removed. Is there something else I should look for?

Re: Need help with a unified config file

Posted: Mon Jun 03, 2013 8:53 am
by lolex
If you have access to a linux system then you can create a human readable output via

Code: Select all

openssl x509 -in <YourCA.crt> -noout -text
Then you can censor your personal information and post it here.
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/