openvpn crl stuff
Get your crl.pem expir date: Renew your crl.pem: It seems there is no –days argument, crl.pem’s are valid for 180 days You can change that value by tuning the easyrsa script: search for CRL_DAYS
Category: openssl
openssl encrypt decrypt script | password handling
Add -pass pass:YOURPASS as an argument.
OpenBSD 7.1 + OpenVPN + Easy-RSA
uNdEr cOnStRuCtIoN What to tune: At first set EASYRSA to a defined path like set_var EASYRSA “/etc/openvpn/easy-rsa” or you will earn some errors. Then edit the EASYRSA_REQ_* section and add your values. Check the other stuff, tune it if you want. Theres btw no need to change the openssl-easyrsa.cnf and there’s no need (like in […]
OpenBSD | ISAKMPD | x509 certificate authentication
Prepare OpenBSD Prepare the network interfaces. Delete /etc/mygate when using dhcp. Create /etc/sysctl.conf. net.inet.esp.enable=1 # Enable the ESP IPsec protocol net.inet.ah.enable=1 # Enable the AH IPsec protocol net.inet.ip.forwarding=1 # Enable IP forwarding for the host. net.inet.ipcomp.enable=1 # Optional: compress IP datagrams Create /etc/rc.conf.local isakmpd_flags=”” # Avoid keynote(4) policy checking ipsec=YES # Load ipsec.conf(5) rules Some […]
Encrypt | decrypt | anything
cat $clearfile | openssl enc CIPHER > $cryptedfile … cat $cryptedfile | openssl enc CIPHER -d > $clearfile … CIPHER: openssl list-cipher-commands # cat myfile.txt | openssl enc -des3 > myfile.txt.des3 # cat myfile.txt.des3 | openssl enc -d -des3
bytes and bones 