Clark's Home page

Assorted technicalities from a Linux sysadmin, plus something of his life

OpenVPN client for Windows: unified format

Over time I have realized that more and more often you have to deal with people who either do not understand Italian or simply do not get it, even though they are convinced they do.
I will skip the story of what led me to take the unified-format route for VPN clients. In essence, with this configuration file format you have a single file that contains both the configuration and the certificates.
The canonical destination for this file remains c:\programmi\openvpn\conf, but if, for example, you click on this file in any other directory, OpenVPN opens it, creates an openvpn subdirectory under c:\utenti\nome_utente and works from there.

A file in unified format looks like this:

#
client
dev tap
proto tcp
remote vpn.myfirm.com
remote vpn1.myfirm1.com
resolv-retry 60
nobind
persist-key
persist-tun
remote-cert-tls server
key-direction 1
cipher AES-256-CBC
tcp-nodelay
sndbuf 0
rcvbuf 0
verb 3
<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----

9ae8184aa99227cd2d03bbb57fa45e00
8fb982d79e6d908421fd12354faf0852
ed647053f427d4e1c041d12ba26b507b
b2f63d131ff6ab5fcfe81d3f6adcd18b
4f339faf438a03648a65be07edcd2d07
-----END OpenVPN Static key V1-----
</tls-auth>
<cert>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
g3NDVuTU1Q1jheRoNr/g9nJLVKjiNYRAAe5vklvwaX4YaaYW5zWXuC619Pezwsqn
aIqVAZb7ZJXjw4O+XkUqYE5soZpBtUlJCHhOFjLCnGmLxzLpLEaySo+ltojv/uKe
AY0O5Hz3uHZx1mJkRkVkMjAVHwKBgQDdF1lZQwtic/QxPTllwqrqB25TZqqAkBXK
hXV12xpoSohM/uDgK6oFOCKMEFdzLVYNoaEALNxfXYxT4orUtXpq1HLUxSZA2pF9
0SKeOwtudl2N4q2BLI9PKf+rZ7kssTqhMQ3VmTF7IYau3tO13yL87MfWYDVOpqMk
UMaNfi7IJwKBgQClzNiLBEQf5o7g5TLs4TDtxFI9yIHRsS0R3372M0HhdahlEo1J
MfpAkoYCZ4BNiA9WvDma3qnv7ih8N9lKWmENyNRz8AD91lDAn/qvFgE3nx/CDE28
sQXCT1M1bAy/m7f6QTSePZhq11YNabfllS4pp974TnttTMlgv3d1bD94EQKBgEOd
n3LAIVwz0Cu66LHpbjHyodgZ3u1Ao5lzZW/s2U+p87Nwg7+rOu0rtM0XNleANwAm
PUH7dk4oIwGImCLjeZPwc0oFHWTaM4LCEg9ISX+37Xa2K5AE27M/SfTW3PgBH8gq
Y2u+1TYuE62pch/+JQorNBapB8SNC/nQRlkBjTcjAoGBANvrfYEeA9UbzY+UF3Jv
Jl3OoavrT6ZaDT3s3tutsR9IuPYWs5YI38c949ontCXDLamLhYkKHWYtIVK/klVx
vU4gr8twy7fClb1PRYLdIYblETix3+bInh9bfIwAUu0ga2sHGUOdd7QRHdkqRmCI
6j9Z4Ds3HMi5borM3oEokg9j
-----END PRIVATE KEY-----
</key>

In short, the configuration directives are followed by the various certificates and keys, each enclosed in <> tags, exactly as we did for Apple and Android.
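Because a unified file carries the private key and the tls-auth static key along with the directives, it is worth checking a profile before handing it out. The following Python sketch is an added example, not code from the original post: it splits a profile into directives and inline blocks and reports a few findings. The sample profile (deliberately incomplete, with placeholder bodies), the host name and the choice of checks are assumptions made for this example.

```python
import re

# Constructed sample: placeholder bodies, no <ca>/<cert>, no key-direction.
SAMPLE = """client
remote vpn.example.com
remote-cert-tls server
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
PLACEHOLDER
-----END OpenVPN Static key V1-----
</tls-auth>
<key>
-----BEGIN PRIVATE KEY-----
PLACEHOLDER
-----END PRIVATE KEY-----
</key>
"""

def parse_unified(text):
    """Return (set of directive names, {tag: inline body})."""
    names, blocks, tag = set(), {}, None
    for line in map(str.strip, text.splitlines()):
        if tag:                                  # inside <tag> ... </tag>
            if line == f"</{tag}>":
                tag = None
            else:
                blocks[tag] += line + "\n"
        elif m := re.fullmatch(r"<([a-z0-9-]+)>", line):
            tag = m.group(1)
            blocks[tag] = ""
        elif line and line[0] not in "#;":       # skip comment lines
            names.add(line.split()[0])
    if tag:
        raise ValueError(f"unterminated <{tag}> block")
    return names, blocks

def audit(text):
    """List findings for a client profile (checks chosen for this example)."""
    names, blocks = parse_unified(text)
    out = [f"missing <{t}>" for t in ("ca", "cert", "key") if t not in blocks]
    if "tls-auth" in blocks and "key-direction" not in names:
        out.append("inline <tls-auth> without key-direction")
    key = blocks.get("key", "")
    if "BEGIN PRIVATE KEY" in key or (
            "BEGIN RSA PRIVATE KEY" in key and "ENCRYPTED" not in key):
        out.append("unencrypted private key embedded: protect the file like a key")
    if "remote-cert-tls" not in names:
        out.append("no remote-cert-tls: server certificate usage not checked")
    return out
```

Calling `audit(SAMPLE)` returns four findings; a profile shaped like the one shown in the post would return only the embedded-key finding, which is the reminder that the single file must be distributed and stored as carefully as the key itself.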

 

