
OpenVPN On My Machine: Easy-RSA: Building My Public Key Infrastructure (PKI) Part I

I have been on the lookout for third-party VPN providers for a year now. Since the start of 2017, privacy has been at the top of my to-do list. After installing Arch Linux in early February and configuring basic maintenance and security procedures, I am now ready to embark on connecting to some kind of VPN service. From what I've read so far, my best bet is a third-party VPN provider that gives me a secure and private connection to the Internet and is easy to configure. I also went to the Arch Linux wiki, specifically the OpenVPN and Easy-RSA pages. Arch Linux has a culture of "do-it-yourself" and "keep-it-simple-shit" (KISS, maybe I got that wrong).

The latter course is the subject of my post (hopefully in the next post(s) I can bring good news too). OpenVPN is based on machines authenticating themselves to servers which connect to the Internet securely. I have to build up my public key infrastructure (PKI) to make this possible. In the wiki, it is recommended that the CA-issuing machine be different (more entropy capable) from the server and, of course, the client machines. This path assumes I have more than one machine. What if I only have one?

OpenVPN is flexible and highly configurable software. It says so in the manual:

"OpenVPN is an open source VPN daemon by James Yonan. Because OpenVPN tries to be a universal VPN tool offering a great deal of flexibility, there are a lot of options..."

Also:

"OpenVPN is a robust and highly flexible VPN daemon. OpenVPN supports SSL/TLS security, ethernet bridging, TCP or UDP tunnel transport through proxies or NAT, support for dynamic IP addresses and DHCP, scalability to hundreds or thousands of users, and portability to most major OS platforms.

OpenVPN is tightly bound to the OpenSSL library, and derives much of its crypto capabilities from it.

OpenVPN supports conventional encryption using a pre-shared secret key (Static Key mode) or public key security (SSL/TLS)."

But what closed the deal for me is this:
# Sample OpenVPN 2.0 config file for            #
# multi-client server.                          #
#                                               #
# This file is for the server side              #
# of a many-clients <-> one-server              #
# OpenVPN configuration.                        #
#                                               #
# OpenVPN also supports                         #
# single-machine <-> single-machine             #
# configurations (See the Examples page         #
# on the web site for more info).               #

I hope single machine is what it means and I can make this work.

