On Wed, 16 Aug 2023 21:28:29 +0000 (UTC), Jason Long via Openvpn-users <openvpn-users@lists.sourceforge.net> wrote:
>Hi Jochen,Thank you for your advice about the How-to articles.Can you answer >my questions? >1- What is the difference between /etc/openvpn and /etc/openvpn/server >directories? > I put my server.conf file in the /etc/openvpn directory and it worked. You are running an *old* version of OpenVPN! The service infrastructure has changed and OpenVPN now defaults to using two subdirectories (client and server) to /etc/openvpn to handle the two different uses of it. Please read up on how it works in the new docs. >2- You said "./easyrsa sign-req client client", make those unique ideally per >device, >not just per user. How to make it unique per user? You have to generate *separate* encryption files for each client where the CN entry is *unique*, otherwise the server can never differentiate between them and you cannot allow/block clients individually. Also you open for abuse of your server. >If I have 1000 clients, then I must generate 1000 key files??? Exactly! >3- For the CA certificate, I must use "Server" not "server". May I ask why? So you are not aware that Linux is case sensitive? "Server" is NOT equal to "server"... So what you use depends on what *exact* name you set the CN to when genererating the files. -- Bo Berglund Developer in Sweden _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users