puppetca and openvpn ...


Ben

Nov 18, 2008, 3:44:33 AM
to puppet...@googlegroups.com
Has anyone attempted to get openvpn to work with Puppet's certificates?

I am thinking that it should work without too much fuss.

My current openvpn implementation uses the following certificates and
beside these are what I think would be the appropriate puppet ones.

openvpn server:
ca /etc/openvpn/ca.crt -> /var/lib/puppet/ssl/certs/ca.pem
cert /etc/openvpn/fqdn.crt -> /var/lib/puppet/ssl/certs/fqdn.pem
key /etc/openvpn/fqdn.key -> /var/lib/puppet/ssl/private_keys/fqdn.pem
tls-auth /etc/openvpn/ta.key 0 -> no equivalent ( use openssl to generate )

openvpn client:
ca /etc/openvpn/ca.crt -> /var/lib/puppet/ssl/certs/ca.pem
cert /etc/openvpn/fqdn.crt -> /var/lib/puppet/ssl/certs/fqdn.pem
key /etc/openvpn/fqdn.key -> /var/lib/puppet/ssl/private_keys/fqdn.pem
tls-auth /etc/openvpn/ta.key 1 -> no equivalent ( use the one generated on the server )

I am going to give this a try later but would like to know if anyone has
any thoughts on it.

Ben

James Turnbull

Nov 18, 2008, 3:52:35 AM
to puppet...@googlegroups.com
Ben wrote:
> Has anyone attempted to get openvpn to work with Puppet's certificates?
>

You shouldn't have any issues. Puppet uses standard OpenSSL.

A recipe showing your configuration for the wiki would be great though.
*hint*.

Regards

James Turnbull

--
Author of:
* Pulling Strings with Puppet
(http://www.amazon.com/gp/product/1590599780/)
* Pro Nagios 2.0
(http://www.amazon.com/gp/product/1590596099/)
* Hardening Linux
(http://www.amazon.com/gp/product/1590594444/)

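One way to sanity-check the file mapping proposed in this thread before pointing OpenVPN's `ca`, `cert` and `key` directives at Puppet's SSL directory. This is an added example, not part of either poster's message; the function name `check_puppet_ssl` and its return codes are assumptions, and the paths follow the layout listed in the first post.

```shell
#!/bin/sh
# Added example: pre-flight check before pointing OpenVPN's ca/cert/key
# directives at a Puppet agent's SSL directory (layout as listed in the thread).
# check_puppet_ssl and its return codes are illustrative, not from Puppet or OpenVPN.

# PEM public key embedded in a certificate.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# PEM public key derived from a private key.
key_pubkey() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# check_puppet_ssl SSLDIR FQDN
#   0 = usable, 1 = file missing, 2 = cert not signed by ca.pem,
#   3 = private key does not belong to the cert
check_puppet_ssl() {
    ssldir=$1
    fqdn=$2
    ca="$ssldir/certs/ca.pem"
    cert="$ssldir/certs/$fqdn.pem"
    key="$ssldir/private_keys/$fqdn.pem"

    for f in "$ca" "$cert" "$key"; do
        if [ ! -r "$f" ]; then
            echo "missing or unreadable: $f" >&2
            return 1
        fi
    done

    # OpenVPN validates the peer certificate against the file given to `ca`;
    # match on the "OK" line rather than trusting the exit status alone.
    if ! openssl verify -CAfile "$ca" "$cert" 2>/dev/null | grep -q ': OK$'; then
        echo "$cert does not verify against $ca" >&2
        return 2
    fi

    # The `key` file must hold the private half of the key in `cert`.
    cert_pub=$(cert_pubkey "$cert")
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$(key_pubkey "$key")" ]; then
        echo "$key does not match $cert" >&2
        return 3
    fi

    echo "ok: $fqdn certificate chains to ca.pem and matches its key"
}

# Usage: sh check.sh /var/lib/puppet/ssl host.example.test
if [ "$#" -eq 2 ]; then
    check_puppet_ssl "$1" "$2"
fi
```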