I found out a very cool configuration trick for OpenVPN while doing some read-up on OpenVPN encryption key size.
In the middle of the thread, one of the user, “300000”, posted his/her configuration settings.
The part that caught my eye was the chunk of Base64 encoded certs.
I never knew you could embed the certs directly into the config file!
All these while I’ve been using the respective keywords to define the path to the individual cert files. This have made the distribution of configuration to each user quite a pain, since in addition to the config file, I have to send them the cert and key files and also to instruct them on where to put the individual files.
Now, I can just pass them a single .ovpn file and tell them where to place it and they are good to go. No more additional steps like telling them to download the cert files and placing them in a specific directory.
To embed the certs, simply place the Base64 encoded cert text into the respective <ca> </ca>, <cert> </cert> and <key> </key> tags in your .ovpn config file and comment out the “ca”, “cert” and “key” keywords.
client remote my-server 1194 proto udp dev tun persist-key persist-tun resolv-retry infinite nobind #ca ca.crt #cert client.crt #key client.key comp-lzo verb 3 <ca> -----BEGIN CERTIFICATE----- ***Paste CA Cert Text Here*** -----END CERTIFICATE----- </ca> <cert> -----BEGIN CERTIFICATE----- ***Paste Your Cert Text Here*** -----END CERTIFICATE----- </cert> <key> -----BEGIN PRIVATE KEY----- ***Paste Your Cert Private Key Here*** -----END PRIVATE KEY----- </key>
Kee Wee is an IT Specialist specialising in High Availability and Messaging solutions. He is a curious person who likes to build things and figure out how stuff works. This is where he share his thoughts with the world.
Leave a comment