How to create CA Cert and key files on MAC for Tunnelblick

[roger78]

Please explain it to me as if I were a tecno analphabet. Thank you.

[Swa Frantzen]

On 24 Oct 2009, at 18:23, roger78 wrote:
> Please explain it to me as if I were a tecno analphabet. Thank you.

First: learn to use the command line, you'll need it.

Next: the CA, the certificate requests and the signing of said
requests is done with openssl.
You mac comes with openssl. So technically yoou have the tools needed.
BUT, if that sounded simple: it's not all that much in real life.
The parameters you need to pass to openssl to do what you need done
aren't all that trivial
for most mere humans (let alone for a "tecno analphabet").

The solution is to use the "easy-rsa" system that comes with a
distribution of openvpn:
it has a number of build scripts that do all of the creation of the
CS, the certificate
requests and the signing of the latter in a relatively easy to use way.

But even then it requires some familiarity with a text editor to get
your vars file set up
and some command line unix familiarity.

You'll find an openbsd source distribution at:
http://openvpn.net/index.php/open-source/downloads.html
(grab the source, it has the easy-rsa subdirectory in it - that's the
bit you need)

http://openvpn.net/index.php/open-source/documentation/howto.html#pki
has a step-by-step guide on using the build scripts.

caveat: never used a mac to do this myself, but I see little reason
why it would be different.

Success!

[roger78]

Thank you very much but I cant arrive to that level of doing things. I
am having a fight with witopia people to make them do it for me but I
am not having it...
The fact is that Tunnelblick works FANTASTIC but in the new purchase
for PPTP license for a year they I think they dont use more
Tunnelblick. I had to do it from creating a VPN thing on Network: It
works, I can connect but for videos is VERY VERY SLOW. I am watching
the same videos with my wife's MAC supported on Tunnelblick and works,
but not for me because my keys changed and I can not create them.

Sorry

[jkbull...gmail.com]

THe PPTP plan does NOT use Tunnelblick or OpenVPN -- it uses an
entirely different way of creating a VPN.

My understanding is that Witopia has a plan that does use Tunnelblick
-- their "SSL" plan. (Actually, I think they use their own modified
version of Tunnelblick.) But apparently that is not the plan that you
bought. Perhaps they will let you switch plans.

[roger78]

Thank you very much this a very nice explanation of what I think can
happen.
I think its a pitty to have to upgrade to SSL plan and spend 20
dollars more when in fact Tunnelblick is perfect for PPTP and they
know.

I am still waiting for a response to my demmand of CA Cert and key
files that I asked to them.

[jkbull...gmail.com]

Tunnelblick does NOT work with PPTP. Tunnelblick works only with (and
includes its own copy of) OpenVPN.

OpenVPN uses only the OpenVPN SSL protocol, which is different from
the PPTP protocol.

Most computers have PPTP support built into their operating system,
which is why you don't need to install Tunnelblick or another program
to use PPTP.