On Mon, 06 Mar 2023 21:39:12 +0000, tincantech via Openvpn-users <openvpn-users@lists.sourceforge.net> wrote:
>On Monday, March 6th, 2023 at 20:42, Bo Berglund <bo.bergl...@gmail.com> wrote:
>
><snip>
>
>> Question:
>> ---------
>> I will call easy-rsa from within my script and I want to enter the password as a
>> variable in the script and pass it to easy-rsa when it is called to create the
>> client files.
>> How can I bypass the user input and write the password from my own script into
>> easy-rsa?
>> A command line argument would really be perfect!
>>
>
>Command line options for automated passwords are documented under 'help options'.
>
>Basic notes:
>- https://github.com/OpenVPN/easy-rsa/issues/838
>
>EasyRSA uses --passin/--passout to pass values to OpenSSL -passin/-passout.
>Those values are dictated by OpenSSL expected syntax.
>
>See:
>- https://www.openssl.org/docs/man1.1.1/man1/openssl.html
>  (The very last section on that page)
>
>Everybody wants automated passwords because moar security must be better..

Thanks for that!
I have now completed my conversion of the old script to ease building ovpn files
for the clients. It handles both with and without password protection.

While doing so I saw that easyrsa3 does produce some files I don't know what
purpose they are for:

Into dir pki/reqs the conversion moved the old *.csr files but new files winding
up here are *.req. What are these used for?
They (*.csr and *.req) do not get into the OVPN files and they are not mentioned
in the OpenVPN server.conf files.

In pki/inline/ there are a number of ClientName.inline files, what are these
used for?
Are they the collection needed for the ovpn files?

These files contain 3 of the sections I am putting into the ovpn files:

<cert>
.... This section contains more than the encrypted cert which I use
</cert>
<key>
.... This is the client.key itself
</key>
<ca>
... This is the ca.crt
</ca>

But the ta.key file is *not* there, do I need to include the ta.key in my ovpn
files???
It is now being put into a <tls-auth> section at the end of the ovpn files...

Note:
In my OpenVPN server.conf files I have this directive:

tls-auth /etc/openvpn/keys/ta.key 0 # This file is secret

It seems like such a file should not get into the ovpn files that are
distributed, right?
Should that section be removed from the new ovpn files?

-- 
Bo Berglund
Developer in Sweden
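
For the inline sections discussed in the message above, an added example (not part of the original posts, and not easy-rsa or OpenVPN code) of assembling a client profile from its parts. It assumes the server uses `tls-auth ... 0` as quoted, in which case the client needs the same static key with `key-direction 1`; the function names and all file names are hypothetical.

```shell
#!/bin/sh
# Added example: assemble a client .ovpn profile with inline credentials.
# All input file names are hypothetical; this is not easy-rsa or OpenVPN code.

# Print only the BEGIN/END-delimited block(s) of a file, dropping the
# human-readable dump in front of a certificate and the '#' comment
# lines in front of an OpenVPN static key.
pem_only() {
    sed -n '/^-----BEGIN /,/^-----END /p' "$1"
}

# build_ovpn BASE_CONF CA_CRT CLIENT_CRT CLIENT_KEY TA_KEY  -> profile on stdout
build_ovpn() {
    base=$1 ca=$2 crt=$3 key=$4 ta=$5
    for f in "$base" "$ca" "$crt" "$key" "$ta"; do
        [ -r "$f" ] || { echo "missing input: $f" >&2; return 1; }
    done
    cat "$base"
    printf '<ca>\n';   pem_only "$ca";  printf '</ca>\n'
    printf '<cert>\n'; pem_only "$crt"; printf '</cert>\n'
    printf '<key>\n';  pem_only "$key"; printf '</key>\n'
    # The server side runs "tls-auth ta.key 0"; the client must hold the
    # same static key and use the opposite direction.
    printf 'key-direction 1\n'
    printf '<tls-auth>\n'; pem_only "$ta"; printf '</tls-auth>\n'
}

# write_ovpn OUT BASE_CONF CA_CRT CLIENT_CRT CLIENT_KEY TA_KEY
# The profile embeds a private key, so create it readable by the owner only
# and leave no partial file behind if an input is missing.
write_ovpn() {
    out=$1; shift
    ( umask 077; build_ovpn "$@" > "$out" ) || { rm -f "$out"; return 1; }
}
```

Because the static key is shared by the server and every client, the finished profile should reach each client over a protected channel, the same as the private key it carries.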