Re: [tunnelblick-discuss] Authenticating with just a username/password


Jonathan K. Bullard

May 19, 2013, 12:38:52 PM
to tunnelbli...@googlegroups.com, in...@thinkchris.com
I think the main idea of OpenVPN is to use a Public Key Infrastructure (PKI) with Certificate Authorities (CAs), etc.

I have a vague memory of OpenVPN having the ability to use "static keys" or "secret keys" or something like that instead of PKI, but it's pretty easy to make your own CA, certificates and keys using OpenVPN's "easy-rsa" -- see "Setting up your own Certificate Authority (CA) and generating certificates and keys for an OpenVPN server and multiple clients" for explicit instructions. You edit a file, type some simple commands into Terminal, and it creates the certificates and keys for you.

Using easy-rsa with recent versions of Tunnelblick is easy because it is built in. Just click the "Open easy-rsa in Terminal" button on the "Utilities" panel of Tunnelblick's "VPN Details…" window. My advice would be to use Tunnelblick 3.3beta50 because I know it is the most up-to-date and has it.

Tunnelblick creates the "easy-rsa" folder at
~/Library/Application Support/Tunnelblick/easy-rsa
The "~" is shorthand for "your home folder", so that's the same as
/Users/YOUR_USER_NAME/Library/Application Support/Tunnelblick/easy-rsa

If I remember correctly, the folder is created and populated with the easy-rsa programs the first time you click the "Open easy-rsa in Terminal" button, so do that first.




On Sun, May 19, 2013 at 12:00 PM, Chris G <in...@thinkchris.com> wrote:
Is there a way to authenticate with just a username/password and no certificates? My ovpn config is below which gets accepted by TunnelBlick. I am using the "auth-user-pass" string in the config file which I thought would achieve this.

Unfortunately when I attempt to connect I get:

Contents of the OpenVPN log:
Options error: You must define CA file (--ca) or CA path (--capath)
Use --help for more information.

OVPN Config
client
dev tun
proto udp
remote x.x.x.x. 1194
resolv-retry infinite
nobind
persist-key
persist-tun
auth-user-pass
comp-lzo
verb 3

Appreciate any advice. Thanks.
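
Added example (not part of the thread, and not Tunnelblick or OpenVPN code): a Python pre-flight check that reproduces the condition behind the "Options error" in the question above, using that config as constructed sample input. It assumes only what the error message names, that TLS client mode (which "client" turns on) needs "ca" or "capath", and ignores other certificate sources; the function names are hypothetical.

```python
import re

# Constructed sample: the client config quoted in the question above.
SAMPLE_CONFIG = """\
client
dev tun
proto udp
remote x.x.x.x. 1194
resolv-retry infinite
nobind
persist-key
persist-tun
auth-user-pass
comp-lzo
verb 3
"""

# Assumption: only the two options named in the error message are modelled.
CA_SOURCES = {"ca", "capath"}


def parse_directives(text):
    """Return the set of directive names, counting inline <name> blocks."""
    names, inline = set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if inline:                       # skip the body of an inline block
            if line == f"</{inline}>":
                inline = None
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        m = re.fullmatch(r"<([\w-]+)>", line)
        if m:                            # start of an inline block, e.g. <ca>
            inline = m.group(1)
            names.add(inline)
            continue
        names.add(line.split()[0].lstrip("-"))
    return names


def check_client_config(text):
    """Return a list of findings; an empty list means the CA check passes."""
    d = parse_directives(text)
    findings = []
    # "client" is a helper directive that expands to "pull" plus "tls-client".
    if d & {"client", "tls-client"} and not d & CA_SOURCES:
        msg = "TLS client mode without ca/capath"
        if "auth-user-pass" in d:
            msg += "; auth-user-pass does not replace server verification"
        findings.append(msg)
    return findings
```

Running check_client_config(SAMPLE_CONFIG) returns one finding; adding a "ca" line or an inline <ca> block to the config clears it.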


Chris G

May 19, 2013, 1:17:42 PM
to tunnelbli...@googlegroups.com, in...@thinkchris.com
Thanks for the quick response, Jonathan.

The background to this is I'm trying to set up OpenVPN on my router (Draytek Vigor 2830N+) following release of some new firmware which adds OpenVPN capability. They offer both CA and without-CA authentication.



Unfortunately when I try the CA configuration it just causes my router to reboot on attempting a connection so wanted to try the non-CA option to see if that worked. Sounds like I can't do that with TunnelBlick.

Jonathan K. Bullard

May 19, 2013, 1:26:55 PM
to tunnelbli...@googlegroups.com, in...@thinkchris.com
If OpenVPN can do it, Tunnelblick can do it. Tunnelblick is really just a graphic interface for OpenVPN.

If you haven't already, try both versions of OpenVPN that are included in Tunnelblick. Choose which one on the "Preferences" panel of Tunnelblick's "VPN Details…" window.

I think you should ask how to do the non-CA setup on the OpenVPN Users Forum or the OpenVPN Users Mailing List.







pete....@gmail.com

Nov 28, 2014, 5:39:47 AM
to tunnelbli...@googlegroups.com
Hello,

Is there any update on this? I am also having the same issue with the OPENVPN on a Draytek router...

jkbull...gmail.com

Nov 28, 2014, 7:39:17 AM
to tunnelbli...@googlegroups.com, pete....@gmail.com
This is an OpenVPN question; you probably won't find the answer here. You might find the answer by consulting OpenVPN resources such as