Skip to main content

Openvpn On My Machine: Easy-RSA: Building My Public Key Infrastructure (PKI) part I

I have been on the lookout for third party VPN providers for a year now. Since the start of 2017, privacy is in the top of my to-do list. After installing Arch linux early February, and configuring basic maintenance and security procedures, I am now ready to embark on connecting to somekind of vpn service. From what I've read so far my best bet is a third party vpn provider which gives me a secure and private connection to the Internet and easy to configure. I also went to the Arch linux wiki, specifically, Openvpn and Easy-RSA pages. Arch linux has a culture of "do-it-yourself" and "keep-it-simple-shit" (KISS, maybe I got that wrong). 

The latter course is the subject of my post (hopefully in the next post(s) I could bring good news too). Openvpn is based on machines authenticating themselves to servers which connect to the Internet securely. I have to build up my public key infrastructure PKI to make this possible. In the wiki, it is recommended that the CA issuing machine be different (more entropy capable) from the server and of course the client machines. This path assumes I have more than one machine. What if I only have one?

Openvpn is a flexible and highly configurable software. It says so in the manual:
            "OpenVPN  is  an  open  source VPN daemon by James Yonan.  Because OpenVPN tries to be a universal VPN tool      offering a great
       deal of flexibility, there are a lot of options..."

Also:

            "OpenVPN  is a robust and highly flexible VPN daemon.  OpenVPN supports SSL/TLS security, ethernet bridging,     TCP or UDP tun‐
       nel transport through proxies or NAT, support for dynamic IP addresses and DHCP, scalability to hundreds  or      thousands  of
       users, and portability to most major OS platforms.

       OpenVPN is tightly bound to the OpenSSL library, and derives much of its crypto capabilities from it.

       OpenVPN  supports  conventional  encryption using a pre-shared secret key (Static Key mode) or public key         security (SSL/TLS)."

But what closed the deal for me is this:
            "Sample OpenVPN 2.0 config file for            #
# multi-client server.                          #
#                                               #
# This file is for the server side              #
# of a many-clients <-> one-server              #
# OpenVPN configuration.                        #
#                                               #
# OpenVPN also supports                         #
# single-machine <-> single-machine             #
# configurations (See the Examples page         #
# on the web site for more info). 

I hope single machine is what it means and I can make this work.


Comments

Post a Comment

Popular posts from this blog

Password Issues On Ubuntu Login

I found myself unable to enter my login credentials when prompted to do so in Ubuntu. I think I might have changed it then forget about it. I've been running the current session for more days than I should have. I forget. So what's the solution to my problem. How do I get in to my system now? It involved getting into the grub menu somehow. I am uncertain as to how to do that exactly in your system. So there's a couple of ways to do it (finger's crossed). When booting at system start, use the esc key or the shift key. The first one worked for me. The timing is key. Wait until the bios banner shows then hit the esc key once. I am using Ubuntu 22.04.4 here. I have a current version of grub. The grub menu will give you options and the one you want is: root. Yes you want root privileges to set the root password. It should give you a terminal access where you can issue commands. Type: #mount -rw -o -s remount / ==> this command mounts the filesyste...
Post a Comment
Read more

Pacman Has to Get Better

I finally got my printers working. I got cups (and cupsd in the /etc/rc.conf) I installed hpoj and a group of printer drivers. So to get my Arch linux to recognize there's a usb printer connected to my system I have to run a daemon (ptal-init setup) and include it in /etc/rc.conf. That finally enabled (after a reboot) my GNOME control center to acknowledge that there is indeed an HP-3900 at the end of my usb port. The real personal story behind my saga with a printer is pacman. It is now throwing 'network not reachable' everytime I start it. Every download and sync. I ran --debug and ping ip addresses and so far I will conclude that it's a really really slow ftp server. The server is so slow pacman is timing out connections. It's unusable guys. My first rolling release distro and I've decided that Arch rises and falls with the performance of their package manager. Great distro for the DIY community. But sorry I can't recommend Arch linux to my mother who jus...
Post a Comment
Read more

Webapps in Unity

So it has been 4 months since Ubuntu 14.04 came out. This is LTS and supported for 6 years by Canonical. The first mobile device with Ubuntu pre-installed is promised to come out later this year, 2014. It's time to check out how the apps perform so far. It is a good idea. I use Gmail and Twitter and Facebook. Why not a webapp in a desktop? So I start the Twitter and Gmail webapp. So far it has crashed my computer 6 times. Not a very good sign. On the other hand it does work but not as stable as opening them in Firefox. -- Use my PGP key if you want to encrypt your replies/messages to me. You are invited to also send me your PGP keys so we can communicate in private.
Post a Comment
Read more