Adam Laurie <a...@algroup.co.uk> said:

> > > this was just a quick note to request that you do some whitespace foo
> > > (in particular CR/LF stuff) for the openvpn generated secret files as
> > > this seems to cause pain when setting up keys generated by one or other
> > > platform and then transferring them (my test platform was win2k ->
> > > freebsd-4.8).
> >
> > Not sure what the problem is.
> >
> > If you generate a static key on Windows, you will get CR-LF line
> > termination.  If you generate on *nix, you will get LF-only (i.e. newline)
> > termination.  Each platform generates interoperable keys.  The only
> > strange behaviour I noticed is if you generate a key on Linux then try to
> > edit it with a dumb editor on Windows (such as Notepad), it doesn't "get"
> > the line termination right.  But OpenVPN will still read the key
> > correctly, as the key reader is mostly whitespace independent.
> 
> ok, then the problem is that it's not working as expected. in this case
> the key was generated on the win2k side and placed on the bsd server. 
> tls-auth failed. after editing with vi and removing ^M characters from 
> end of each line, tls-auth passed.
> 
> btw, when i tested with win-xp and a key generated on the bsd side i had 
> no problem, so i have seen it working as described as well, but on a 
> different platform.

Right, tls-auth generates the key by taking the sha1sum of the file, so it
will definitely be influenced by whitespace and newline conventions.  When you
said "openvpn generated secret files" I was thinking you were talking about
--genkey and static keys, which are not whitespace dependent.

James
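
An added example, not part of the original thread and not OpenVPN code: it illustrates the point above that a secret derived from a hash of the file's raw bytes changes when only the line termination changes, and it distinguishes that case from a real content mismatch. The sample secret and all function names are constructed for illustration.

```python
import hashlib

def line_endings(data: bytes) -> str:
    """Classify the line termination used in a file's raw bytes."""
    crlf = data.count(b"\r\n")
    lf = data.count(b"\n") - crlf      # LF not preceded by CR
    cr = data.count(b"\r") - crlf      # bare CR
    kinds = [name for name, n in (("CRLF", crlf), ("LF", lf), ("CR", cr)) if n]
    if not kinds:
        return "none"
    return kinds[0] if len(kinds) == 1 else "mixed"

def normalize(data: bytes) -> bytes:
    """Convert CRLF and bare CR to LF (for CRLF, the same as deleting ^M in vi)."""
    return data.replace(b"\r\n", b"\n").replace(b"\r", b"\n")

def sha1_hex(data: bytes) -> str:
    """SHA-1 over the bytes exactly as stored on disk."""
    return hashlib.sha1(data).hexdigest()

def compare_copies(a: bytes, b: bytes) -> str:
    """Say why two copies of a shared secret file do or do not hash alike."""
    if sha1_hex(a) == sha1_hex(b):
        return "identical"
    if sha1_hex(normalize(a)) == sha1_hex(normalize(b)):
        return "line-endings-only"
    return "content-differs"

# Constructed sample data: the same secret saved with LF and with CRLF endings.
UNIX_COPY = b"constructed-secret-line-1\nconstructed-secret-line-2\n"
WINDOWS_COPY = UNIX_COPY.replace(b"\n", b"\r\n")

if __name__ == "__main__":
    for name, blob in (("unix", UNIX_COPY), ("windows", WINDOWS_COPY)):
        print(name, line_endings(blob), sha1_hex(blob))
    print("verdict:", compare_copies(UNIX_COPY, WINDOWS_COPY))
```

Reading the file in binary mode matters here: text-mode reads on some platforms translate line endings and would hide the difference.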

