linux
Vladimir Kivva, 2017-11-18 13:43:50

What is the magic of OpenVPN without a CA?

I created an OpenVPN server with minimal protection so that MikroTiks can connect to it. I create a connection in MikroTik and, without any certificates, it connects without a problem. I do the same in Windows, and it wants only a ca.crt. There are no problems, but the riddle itself is interesting.
server config:

## GENERAL ##
# TCP, port 11194, tunneling
mode server
proto tcp
port 11194
dev tun
## KEY, CERTS AND NETWORK CONFIGURATION ##
# CA certificate used to verify peer certificates
ca ca.crt
# Server certificate
cert server.crt
# Server private key
key server.key
# Diffie-Hellman parameters for the TLS key exchange
dh dh.pem
# Data-channel cipher
cipher AES-256-CBC
## Network ##
server 10.8.0.0 255.255.0.0
topology subnet
# Allow client-to-client traffic
client-to-client
# Push a route for the client-to-client function (note: /24 here, while the server pool above is /16)
push "route 10.8.0.0 255.255.255.0"
# Ping every 10 seconds; if a client does not respond for 120 seconds, disconnect it
keepalive 10 120
# Renegotiate the data-channel key every 5 hours
reneg-sec 18000
## SECURITY ##
# Drop the daemon's privileges
user nobody
group nogroup
# Keep keys in memory (as nobody we could not re-read them after a restart)
persist-key
# Don't close and reopen the TUN/TAP device on restart
persist-tun
# Enable compression (no directive present; the comment was left in)
## LOG ##
# Verbosity
# 3/4 for normal use
verb 3
# Max 20 messages of the same category
mute 20
# Log file where the client status is written
status openvpn-status.log
# Log file
log-append /var/log/openvpn.log
# Configuration directory of the clients
client-config-dir ccd
## PASS ##
# Allow running external scripts with the password in ENV variables
script-security 3
# Use the authenticated username as the common name, rather than the common name from the client cert
username-as-common-name
# Client certificate is not required (client-cert-not-required is the pre-2.4 spelling; verify-client-cert none replaces it in 2.4+)
#verify-client-cert none
client-cert-not-required
# Use the login script when a user wants to log in
auth-user-pass-verify scripts/login.sh via-env
# Maximum number of clients
max-clients 1000
# Run these scripts when a client connects/disconnects
client-connect scripts/connect.sh
client-disconnect scripts/disconnect.sh

I cut out the garbage and left the comments.

1 answer(s)
CityCat4, 2017-11-18
@zionkv

ca.crt is apparently the certificate of the CA that issued the certificate used to authenticate the OpenVPN connection. It is needed to confirm the authenticity of the certificate being used.
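The answer above is the whole story from the client's side: with "ca ca.crt" the OpenVPN client checks, during the TLS handshake, that the certificate the server presents chains to that CA, and the Windows client refuses to run in TLS mode without such a trust anchor. A client that connects with no CA at all (the MikroTik case in the question) still gets an encrypted tunnel, but it has no way to tell the real server from an impostor, so whoever answers first on that port receives the username and password that auth-user-pass-verify expects. The following shell script is an added example, not code from the thread or from OpenVPN: it builds a throwaway PKI with openssl, signs a real server certificate with a legitimate CA and an impostor certificate (same common name) with an attacker's own CA, and then runs the same chain check the client does. All names (vpn.example.net, the CA names, the temporary directory) are assumptions for the demo; it needs the openssl command-line tool.

```shell
#!/bin/sh
# Added example (not from the original thread): what a client's "ca ca.crt"
# actually does. Every name below (vpn.example.net, the CA names, the temp
# directory) is an assumption for the demo, not taken from the post.
# Requires the openssl CLI.

# Build a throwaway PKI in "$1": a legitimate CA that signs the real server
# certificate, plus a rogue CA an attacker controls that signs an impostor
# certificate carrying the SAME common name the client expects.
make_pki() {
    d="$1"
    # EC keys keep the demo fast; RSA would work the same way.
    ec="-newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes"
    # Legitimate CA (self-signed): this is the ca.crt an OpenVPN client loads.
    openssl req -x509 $ec -keyout "$d/ca.key" -out "$d/ca.crt" \
        -days 3650 -subj "/CN=Example VPN CA" 2>/dev/null
    # Server CSR signed by the legitimate CA -> server.crt
    openssl req $ec -keyout "$d/server.key" -out "$d/server.csr" \
        -subj "/CN=vpn.example.net" 2>/dev/null
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -out "$d/server.crt" -days 825 2>/dev/null
    # Attacker's CA and an impostor certificate with the same CN.
    openssl req -x509 $ec -keyout "$d/rogue-ca.key" -out "$d/rogue-ca.crt" \
        -days 3650 -subj "/CN=Rogue CA" 2>/dev/null
    openssl req $ec -keyout "$d/rogue-server.key" -out "$d/rogue-server.csr" \
        -subj "/CN=vpn.example.net" 2>/dev/null
    openssl x509 -req -in "$d/rogue-server.csr" -CA "$d/rogue-ca.crt" \
        -CAkey "$d/rogue-ca.key" -CAcreateserial -out "$d/rogue-server.crt" \
        -days 825 2>/dev/null
}

# The check an OpenVPN client performs with "ca <file>" during the TLS
# handshake, reduced to its essence: does the presented certificate chain to
# the configured trust anchor? Prints "ok" or "rejected".
verify_cert() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo ok
    else
        echo rejected
    fi
}

# Demo run: the three cases a practitioner cares about.
PKI=$(mktemp -d)
make_pki "$PKI"
echo "real server cert vs legitimate CA:   $(verify_cert "$PKI/ca.crt" "$PKI/server.crt")"
echo "impostor cert vs legitimate CA:      $(verify_cert "$PKI/ca.crt" "$PKI/rogue-server.crt")"
echo "impostor cert vs attacker's own CA:  $(verify_cert "$PKI/rogue-ca.crt" "$PKI/rogue-server.crt")"
# A client configured with no CA at all has no trust anchor: it cannot tell
# server.crt from rogue-server.crt and will hand its username/password to
# whichever endpoint answers on the port. Matching the CN is not enough; only
# the signature chain to ca.crt distinguishes the two.
rm -rf "$PKI"
```

The same check is what the Windows client is insisting on when it asks for ca.crt. On the server side, client-cert-not-required only removes the server's check of the client; it does nothing to make the client verify the server. In the client config, ca ca.crt plus remote-cert-tls server (which additionally requires the server certificate to carry the serverAuth extended key usage, so a stolen client certificate cannot be replayed as a server) is the minimum; RouterOS's ovpn-client likewise has a verify-server-certificate option that should be enabled once the CA is imported.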
