
OpenVPN 2 Cookbook


Using a hardware token


This recipe demonstrates how to use a hardware token as a replacement for an X.509 certificate and the corresponding private key.

Getting ready

We use the following network layout:

Keep the hardware token from the first recipe at hand. For this recipe, the server computer was running CentOS 5 Linux and OpenVPN 2.1.1. The client was running Fedora 12 Linux and OpenVPN 2.1.1. Keep the server configuration file basic-udp-server.conf from the Chapter 2 recipe Server-side routing at hand.

How to do it...

  1. Start the server using the configuration file basic-udp-server.conf:

    [root@server]# openvpn --config basic-udp-server.conf
    
  2. Next, create the client configuration file:

    client
    proto udp
    remote openvpnserver.example.com
    
    port 1194
    
    dev tun
    nobind
    
    ca       /etc/openvpn/cookbook/ca.crt
    tls-auth /etc/openvpn/cookbook/ta.key 1
    
    ns-cert-type server
    
    pkcs11-providers /usr/lib64/libeTPkcs11.so
    pkcs11-id 'Aladdin\x20Ltd\x2E/eToken/001a01a9/Cookbook/20100703'

    The last directive pkcs11...
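
Before handing out a token-based client configuration, it helps to confirm which token and certificate object the `pkcs11-id` line actually binds to. The following check is an added example, not code from the book or from OpenVPN; the function names are hypothetical, and the five-field layout (manufacturer/model/serial/label/object ID in hex, with reserved characters written as `\xNN`) is an assumption based on how pkcs11-helper serializes IDs, not something stated in this recipe.

```python
import re
import shlex

# Client configuration from the recipe above, embedded so the check runs offline.
PAGE_CONFIG = r"""
client
proto udp
remote openvpnserver.example.com
port 1194
dev tun
nobind
ca       /etc/openvpn/cookbook/ca.crt
tls-auth /etc/openvpn/cookbook/ta.key 1
ns-cert-type server
pkcs11-providers /usr/lib64/libeTPkcs11.so
pkcs11-id 'Aladdin\x20Ltd\x2E/eToken/001a01a9/Cookbook/20100703'
"""
FIELDS = ("manufacturer", "model", "serial", "label", "cert_id_hex")  # assumed layout

def parse_pkcs11_id(serialized):
    """Split a serialized pkcs11-id into token fields plus the object ID (hex)."""
    parts = serialized.split("/")  # split first: an escaped '/' inside a field stays intact
    if len(parts) != len(FIELDS):
        raise ValueError("expected %d '/'-separated fields" % len(FIELDS))
    def decode(s):  # reserved characters (space, dot, ...) are stored as \xNN
        return re.sub(r"\\x([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), s)
    info = dict(zip(FIELDS, map(decode, parts)))
    if not re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", info["cert_id_hex"]):
        raise ValueError("object ID is not an even-length hex string")
    return info

def check_client_config(text):
    """Return (decoded pkcs11-id or None, findings) for an OpenVPN client config."""
    opts = {}
    for line in text.splitlines():
        # shlex keeps backslashes literal inside single quotes, as on the page.
        words = shlex.split(line, comments=True)
        if words:
            opts[words[0]] = words[1:]
    token, findings = None, []
    try:
        token = parse_pkcs11_id(opts["pkcs11-id"][0])
    except (KeyError, IndexError, ValueError) as exc:
        findings.append("pkcs11-id missing or malformed: %r" % (exc,))
    if not opts.get("pkcs11-providers"):
        findings.append("pkcs11-providers is not set")
    # The token replaces the certificate and private key files, so neither should remain.
    findings += ["leftover '%s' directive" % n for n in ("cert", "key") if n in opts]
    return token, findings
```

Calling `check_client_config(PAGE_CONFIG)` returns the decoded fields (manufacturer `Aladdin Ltd.`, model `eToken`, serial `001a01a9`, label `Cookbook`, object ID `20100703`) and an empty findings list.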