Users running Ubuntu Jammy have been having a poor experience because of the incomplete support for OpenSSL 3. One of the upstream maintainers gladly provided a set of commits that should be backported to Jammy in order to improve this situation (they are listed in the "Original Message" section).

** Testcase for the SHA1 certificate support

One of the main problems this SRU addresses is the current inability to handle certificates that use legacy cryptographic algorithms (like SHA1).

We will be using two VMs, one acting as the server and the other as the client. The server will be running Focal, and the client will be running Jammy.

$ lxc launch ubuntu:focal ovpn-server --vm

*/set_var EASYRSA_DIGEST\t\t"SHA1"/' vars

When asked for the Common Name, provide "ovpn-server".

easyrsa build-server-full ovpn-server nopass
easyrsa build-client-full ovpn-client nopass

# cp /usr/share/doc/openvpn/examples/sample-config-files/server.

# systemctl start …

… sure that the service has successfully started by checking the output of "systemctl status ovpn-server" and verifying that there's a new "tun0" interface when you invoke "ip a".

As you can see above, we've instructed easy-rsa to generate SHA1 digests for our certificates. This is what will trigger the issue on the client side.

Make sure you get the server's IP address (not the VPN one!); you will need it below.

$ lxc launch ubuntu:jammy ovpn-client --vm

Now you have to transfer the following files from the server to the client:

etc/openvpn/ca.crt -> /etc/openvpn/ca.crt
etc/openvpn/easy-rsa/pki/issued/ovpn-client.
etc/openvpn/easy-rsa/pki/private/ovpn-client.