Hi there,
since I want any admin of my computer not to gain access to my private VPN, I wonder if there’s any way to set up the OpenVPN client configuration using a password-protected key file.
Is there any way?
kind regards
Chris
bump. (I definitely want this topic to be seen by the devs. ^^)
Oops, I’m sorry. I mistook this for a NixOS forum and the situation there is very different from Turris OS.
bump again
Is there any news about this topic?
As a workaround you could manually add a password to the certificate after the config is generated. To do that, copy everything between <key> and </key> in the openvpn client config. Something like
-----BEGIN PRIVATE KEY-----
MultipleLinesOfCharacterAndNumberGibberish
...
...
-----END PRIVATE KEY-----
Then connect to a system that has openssl installed (e.g. via ssh to the TO) and run openssl rsa -aes256 and paste the copied config part.
Alternatively you can paste the private key and then run openssl rsa -in <filename> -aes256.
You are asked to enter a passphrase twice. Afterwards there will be an output like
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,C8A7B9C45461248106E4165DC4248853
SomeOtherMultilineGibberish
...
...
-----END RSA PRIVATE KEY-----
Copy that output and replace the part between <key> and </key> in the client config with it.
When you start the vpn connection now you will be asked to enter the passphrase.
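A check to run after the workaround above, as an added example that is not part of the original post: it reports whether the inline <key> block of a client config still holds a plaintext key. Besides the traditional format quoted in the post, it also accepts the PKCS#8 "ENCRYPTED PRIVATE KEY" header, which OpenSSL 3.x writes unless -traditional is given; the function names and sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes <key> and </key> each sit on
# their own line of the client config.

# key_state FILE -> prints encrypted | plaintext | missing | unknown
key_state() {
    # Keep only the lines strictly between <key> and </key>.
    block=$(sed -n '/^[[:space:]]*<key>/,/^[[:space:]]*<\/key>/p' "$1" | sed '1d;$d')
    if [ -z "$block" ]; then
        echo missing
    elif printf '%s\n' "$block" | grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----'; then
        echo encrypted    # PKCS#8 container
    elif printf '%s\n' "$block" | grep -q -e '^Proc-Type: 4,ENCRYPTED'; then
        echo encrypted    # traditional PEM, the format quoted in the post
    elif printf '%s\n' "$block" | grep -q -e '-----BEGIN .*PRIVATE KEY-----'; then
        echo plaintext    # key usable by anyone who can read the file
    else
        echo unknown
    fi
}

# Constructed sample configs: host name and key bodies are placeholders.
sample_config() {
    printf '%s\n' 'client' 'remote vpn.example.invalid 1194' '<key>'
    case "$1" in
        plain) printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'PLACEHOLDER' \
                   '-----END PRIVATE KEY-----' ;;
        trad)  printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' \
                   'Proc-Type: 4,ENCRYPTED' \
                   'DEK-Info: AES-256-CBC,00000000000000000000000000000000' \
                   '' 'PLACEHOLDER' '-----END RSA PRIVATE KEY-----' ;;
        pkcs8) printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' \
                   'PLACEHOLDER' '-----END ENCRYPTED PRIVATE KEY-----' ;;
    esac
    printf '%s\n' '</key>'
}

# Write one sample to a temp file and classify it.
check_sample() {
    f=$(mktemp) && sample_config "$1" > "$f" && key_state "$f"
    rm -f "$f"
}

for kind in plain trad pkcs8 none; do
    printf '%-5s -> %s\n' "$kind" "$(check_sample "$kind")"
done
```

To check a real file, call key_state with the path of the edited client config; any result other than "encrypted" means the passphrase step did not take effect.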