We recently started using OpenVPN in a production environment. We also use several kinds of OS here (Mac, Linux and Win). I would like to talk about Linux.
Those who have access also have tokens from SafeNet: eToken 5100. I have an OpenVPN configuration file which is set up to use this token, and all works as expected. I start it with:
sudo openvpn conf.ovpn
Unfortunately, if I try to start it as a daemon (by adding a 'daemon' line to the config file), it won't ask for the password, and of course won't establish a connection because of that.
We have several OpenVPN points and I need to change them quite often (I know that I can have more OpenVPN connections at once, but all test environments have the same IP subnet, so I cannot be connected to more than one at once).
Is there a way to use OpenVPN as a daemon with the SafeNet token? (If I do that, I will easily be able to create a script to change the OpenVPN server.)
Note: On both Win and Mac OS, the SafeNet token asks for the password through a GUI, so even if it is started as a daemon, it asks for the password, but not on Linux.
My OS: Linux Mint 17 x64, SafeNet Authentication client: 8.3.40-0 amd64, openvpn: 2.3.2-7ubuntu3
openvpn conf file:
dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote server.name.domain 1194 udp
lport 0
verify-x509-name "server.name.domain" name
ns-cert-type server
comp-lzo
<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
...
-----END OpenVPN Static key V1-----
</tls-auth>
key-direction 1
pkcs11-providers /usr/lib/libeTPkcs11.so
pkcs11-id 'id of cert in token'