[Klug-general] VPN - OpenSSH

Peter Childs pchilds at bcs.org
Fri Jan 28 19:57:02 UTC 2011


On 28 January 2011 16:36, George Prowse <george.prowse at gmail.com> wrote:

> On 28/01/2011 16:23, Peter Childs wrote:
>
>> Does anyone know where I can find some understandable instructions on
>> how to set up a VPN using OpenVPN possibly with some kind of UI for
>> setting up the keys, and what Keys do what?
>>
>> It's just the instructions are all very well but I'm yet to work out what
>> I need to do with the 3 certificates, and 2 or more odd keys the
>> instructions seem to tell me to create....
>>
>> Peter.
>
> This is a great start and isn't terribly distro-specific:
>
> http://en.gentoo-wiki.com/wiki/OpenVPN
>
>
>
Hmm, that makes better sense than the original... Now to figure out the
unanswered question.

Do I need different Client Keys for each Client (peer), or can multiple
Clients (peers) use the same Client Key? Hence, if I'm not worried about
security and not going to password and lock up my keys, can I get away with
one client key?

Hence

Each Group needs one Root Certificate (which could also be signed for your
secure web server, hence in an ideal world every organisation should have a
Certificate for signing everything they do so it all matches; yep, that means
if you're using Cups and Webmin all the Root certificates match...). (Great
idea if it worked: the machine installation program could ask for your Root
Certificate or to Generate one on machine installation and then anything
that needs it could just pick it up...) (Sounds like an enhancement to deb,
rpm, emerge to me; wonder why nobody has done that yet....)

Each Server Needs
1. The Root Certificate (CA).
2. A Certificate for itself, signed by the Root
3. A Private Key also signed I guess

Each Client Needs
1. The Root Certificate (CA)
2. A Certificate for itself, signed by the Root, which it sends to the
server on connection ????
3. A Private Key that could be password protected.

Now is that right or am I still suffering from spaghetti brain?

Peter.
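
Added example, not part of the original message or of the linked wiki: a sketch that builds the file set listed above (one root, one server, one certificate and key per client) with the openssl CLI, then checks that every certificate chains to the root and that each private key matches its certificate. The file names, CNs, RSA key size and temp-directory layout are assumptions.

```shell
#!/bin/sh
# Added example: file names, CNs and the temp-dir layout are assumptions.

# issue DIR NAME: generate NAME.key locally; the CA signs only the CSR
# (public key + name), so the private key itself is never signed or shared.
issue() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 365 -out "$1/$2.crt" 2>/dev/null
}

# build_pki DIR: one self-signed root, one server, one cert/key per client.
build_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=example-ca" \
        -days 365 -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
    issue "$1" server && issue "$1" client1 && issue "$1" client2
}

# chains_to_ca DIR NAME: succeeds if NAME.crt verifies against DIR/ca.crt.
chains_to_ca() {
    openssl verify -CAfile "$1/ca.crt" "$1/$2.crt" >/dev/null 2>&1
}

# key_matches DIR NAME: succeeds if NAME.key is the key certified in NAME.crt.
key_matches() {
    [ "$(openssl x509 -in "$1/$2.crt" -noout -pubkey)" = \
      "$(openssl pkey -in "$1/$2.key" -pubout)" ]
}

# Demo run in a throwaway directory.
demo=$(mktemp -d)
build_pki "$demo"
for n in server client1 client2; do
    chains_to_ca "$demo" "$n" && key_matches "$demo" "$n" && echo "$n: ok"
done
rm -rf "$demo"
```

Each host ends up with `ca.crt` plus its own `.crt` and `.key`; `ca.key` stays on the machine that does the signing.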