On Thu, Aug 17, 2023 at 8:24 AM, Bo Berglund <bo.bergl...@gmail.com> wrote:On Wed, 16 Aug 2023 21:28:29 +0000 (UTC), Jason Long via Openvpn-users <openvpn-users@lists.sourceforge.net> wrote:
>Hi Jochen,Thank you for your advice about the >How-to articles.Can you answer >my questions? >1- What is the difference between >/etc/openvpn and /etc/openvpn/server >>directories? > I put my server.conf file in the /etc/openvpn >directory and it worked. >You are running an *old* version of OpenVPN! >The service infrastructure has >changed and OpenVPN now defaults to using >two subdirectories (client and >server) >to /etc/openvpn to handle the two different >uses of it. >Please read up on how it works in the new >docs. >2- You said "./easyrsa sign-req client client", >make those unique ideally per >device, >not just per user. How to make it unique per >user? >You have to generate *separate* encryption >files for each client where the CN >entry is *unique*, otherwise the server can >never differentiate between them >and >you cannot allow/block clients individually. >Also you open for abuse of your server. >If I have 1000 clients, then I must generate >1000 key files??? >Exactly! >3- For the CA certificate, I must use "Server" >not "server". May I ask why? >So you are not aware that Linux is case >sensitive? >"Server" is NOT equal to "server"... >So what you use depends on what *exact* >name you set the CN to when >genererating >the files. >-- >Bo Berglund >Developer in Sweden Hello,Thank you so much.If I forget the CN name, then if I open the "ca.crt" file and click on the Details tab and check the Issuer section, then this is the name that I have entered during generating the key? _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
