James Yonan wrote:
Adam Laurie <a...@algroup.co.uk> said:


> this was just a quick note to request that you do some whitespace foo
> (in particular CR/LF stuff) for the openvpn generated secret files as
> this seems to cause pain when setting up keys generated by one or other
> platform and then transferring them (my test platform was win2k ->
> freebsd-4.8).

Not sure what the problem is.

If you generate a static key on Windows, you will get CR-LF line termination.
If you generate on *nix, you will get LF-only (i.e. newline) termination. Each platform generates interoperable keys. The only strange behaviour I
noticed is if you generate a key on Linux then try to edit it with a dumb
editor on windows (such as Notepad), it doesn't "get" the line termination
right.  But OpenVPN will still read the key correctly, as the key reader is
mostly whitespace independent.

ok, then the problem is that it's not working as expected. in this case the key was generated on the win2k side and placed on the bsd server. tls-auth failed. after editing with vi and removing ^M characters from end of each line, tls-auth passed.

btw, when i tested with win-xp and a key generated on the bsd side i had no problem, so i have seen it working as described as well, but on a different platform.


Right, tls-auth generates the key by taking the sha1sum of the file, so it
will definitely be influenced by whitespace and newline conventions.  When you
said "openvpn generated secret files" I was thinking you were talking about
--genkey and static keys, which are not whitespace dependent.

yes, i was... the file i'm specifying to tls-auth is the original --genkey file that i used as a shared secret for initial testing. i guess that it's really meant to be a one-liner then?

cheers,
Adam
--
Adam Laurie                   Tel: +44 (20) 8742 0755
A.L. Digital Ltd.             Fax: +44 (20) 8742 5995
The Stores                    http://www.thebunker.net
2 Bath Road                   http://www.aldigital.co.uk
London W4 1LT                 mailto:a...@algroup.co.uk
UNITED KINGDOM                PGP key on keyservers
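
The mismatch discussed in this thread, as an added example that is not part of the original messages and is not OpenVPN's code: it assumes, as described above, that tls-auth derives its key from a SHA-1 over the raw file bytes while the static key reader keeps only the hex between the markers. The sample key is constructed (not a real key) and the function names are illustrative.

```python
import hashlib
import re

BEGIN = "-----BEGIN OpenVPN Static key V1-----"
END = "-----END OpenVPN Static key V1-----"

def make_sample_key(newline: bytes) -> bytes:
    """Constructed sample, not a real key: 64 bytes of hex, 16 bytes per line."""
    body = bytes(range(64)).hex()
    lines = [BEGIN] + [body[i:i + 32] for i in range(0, len(body), 32)] + [END]
    return newline.join(line.encode("ascii") for line in lines) + newline

def file_digest(raw: bytes) -> str:
    """SHA-1 over the raw file bytes: every CR changes the result."""
    return hashlib.sha1(raw).hexdigest()

def parsed_key(raw: bytes) -> bytes:
    """Whitespace-independent read: keep only the hex between the markers."""
    text = raw.decode("ascii")
    start = text.index(BEGIN) + len(BEGIN)
    end = text.index(END)
    return bytes.fromhex(re.sub(r"\s+", "", text[start:end]))

def line_endings(raw: bytes) -> str:
    """Classify the file as 'lf', 'crlf' or 'mixed'."""
    crlf = raw.count(b"\r\n")
    bare_lf = raw.count(b"\n") - crlf
    stray_cr = raw.count(b"\r") - crlf
    if stray_cr or (crlf and bare_lf):
        return "mixed"
    return "crlf" if crlf else "lf"

def normalize(raw: bytes) -> bytes:
    """Convert CR-LF to LF, the same effect as removing ^M in vi."""
    return raw.replace(b"\r\n", b"\n")

if __name__ == "__main__":
    windows_copy = make_sample_key(b"\r\n")  # as generated on Windows
    unix_copy = make_sample_key(b"\n")       # as generated on *nix
    for name, raw in (("windows", windows_copy), ("unix", unix_copy),
                      ("windows normalized", normalize(windows_copy))):
        print(f"{name:20} {line_endings(raw):5} sha1={file_digest(raw)} "
              f"key={parsed_key(raw).hex()[:16]}...")
```

Comparing `file_digest` of each peer's copy before deployment shows whether a transfer altered the line endings, even when the parsed key material is identical.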

