Nejko’s randomness

OpenVPN is an open, secure and thoroughly tested VPN technology. Our company Infrax d.o.o. also provides OpenVPN clients for customers to be able to access their companies’ networks. We don’t use password-based authentication, but certificate-based one, which means we have our own full-blown Certificate Authority (self signed, of course). We use EJBCA for that and it works beautifully.

However, our customers are expecting simple solutions: a single package with their own config file and certificate. Although EJBCA supports generating OpenVPN packages on the fly on the server, it would be a bit more complicated to make it work, because we need to generate different config files for our customers. Which means we would need a special lookup-table (we could use the EJBCA’s MySQL database) which would link specific fields in certificates’ “distingished name” with corresponding OpenVPN config files. This would be possible, but a bit too complicated for now.

So I decided that we create the packages “semi-manually”, i.e. manually but in “batch” mode. First, you need my package which includes OpenVPN source environment (OpenVPN 2.1 RC7) which will be compiled with NSIS into an executable together with the certificate and config files.

Then you need to obtain the certificates for the clients you want to create the packages for and provide the config file as well. You must also install NSIS and then you are ready. Just run “generate.cmd” file in the “openvpn-generator” directory and the executables will be created in “openvpn-generator/exes”.

If you have problems, questions, just let me know.