[Feature Request] OpenVPN client using password in addition to generated keys

Hi there,

Since I want any admin of my computer not to gain access to my private VPN, I wonder if there’s any way to set up the OpenVPN client configuration using a password-protected key file.
Is there any way?

kind regards
Chris

3 Likes

bump. (I definitely want this topic to be seen by the devs. ^^)

1 Like

Oops, I’m sorry. I mistook this for a NixOS forum :face_with_head_bandage: and the situation there is very different from Turris OS.

bump again :sunglasses:
Is there any news about this topic?

As a workaround, you could manually add a password to the certificate after the config is generated. To do that, copy everything between <key> and </key> in the OpenVPN client config. Something like

-----BEGIN PRIVATE KEY-----
MultipleLinesOfCharacterAndNumberGibberish
...
...
-----END PRIVATE KEY-----

Then connect to a system that has openssl installed (e.g. via ssh to the TO), run openssl rsa -aes256 and paste the copied config part.

Alternatively, you can paste the private key and then run openssl rsa -in <filename> -aes256.

You are asked to enter a passphrase twice. Afterwards there will be an output like

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,C8A7B9C45461248106E4165DC4248853

SomeOtherMultilineGibberish
...
...
-----END RSA PRIVATE KEY-----

Copy that output and replace the part between <key> and </key> in the client config with it.

When you start the VPN connection now, you will be asked to enter the passphrase.

2 Likes
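
The workaround above as a script, as an added example that is not part of the original posts: it extracts the inline <key> block, runs the same openssl rsa -aes256 on it and writes a new config with the encrypted key in place. The function names and the file names in the usage line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): passphrase-protect the inline <key>
# block of an OpenVPN client config using `openssl rsa -aes256`.

# Print the PEM text between <key> and </key> of config $1.
extract_key() {
    awk '/^<\/key>/ {inkey=0} inkey {print} /^<key>/ {inkey=1}' "$1"
}

# Succeed if the inline key is already passphrase-protected. Traditional PEM
# carries "Proc-Type: 4,ENCRYPTED"; PKCS#8 output uses an
# "ENCRYPTED PRIVATE KEY" header instead, so both are checked.
key_is_encrypted() {
    extract_key "$1" |
        grep -Eq '^Proc-Type: 4,ENCRYPTED|^-----BEGIN ENCRYPTED PRIVATE KEY-----'
}

# Print config $1 with the contents of its <key> block replaced by PEM file $2.
replace_key() {
    awk -v pem="$2" '
        /^<key>/   { print; while ((getline line < pem) > 0) print line
                     close(pem); skip = 1; next }
        /^<\/key>/ { skip = 0 }
        !skip      { print }' "$1"
}

# Encrypt the inline key of config $1 and write the new config to $2.
# openssl prompts for the new passphrase twice on the terminal.
protect_config() {
    if key_is_encrypted "$1"; then
        echo "inline key in $1 is already encrypted" >&2
        return 1
    fi
    umask 077                          # key material: owner-only files
    tmp=$(mktemp -d) || return 1
    extract_key "$1" > "$tmp/plain.pem"
    openssl rsa -in "$tmp/plain.pem" -aes256 -out "$tmp/enc.pem" &&
        replace_key "$1" "$tmp/enc.pem" > "$2"
    rc=$?
    rm -rf "$tmp"                      # do not leave the plaintext key behind
    return $rc
}

# Usage (hypothetical file names): sh protect-ovpn.sh client.ovpn client-pw.ovpn
if [ $# -eq 2 ]; then
    protect_config "$1" "$2"
fi
```

The original config still contains the unencrypted key, so delete it once the new one connects successfully.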