Nejko’s randomness

OpenVPN is an open, secure and thoroughly tested VPN technology. Our company Infrax d.o.o. also provides OpenVPN clients for customers to be able to access their companies’ networks. We don’t use password-based authentication, but certificate-based one, which means we have our own full-blown Certificate Authority (self signed, of course). We use EJBCA for that and it works beautifully.

However, our customers are expecting simple solutions: a single package with their own config file and certificate. Although EJBCA supports generating OpenVPN packages on the fly on the server, it would be a bit more complicated to make it work, because we need to generate different config files for our customers. Which means we would need a special lookup-table (we could use the EJBCA’s MySQL database) which would link specific fields in certificates’ “distingished name” with corresponding OpenVPN config files. This would be possible, but a bit too complicated for now.

So I decided that we create the packages “semi-manually”, i.e. manually but in “batch” mode. First, you need my package which includes OpenVPN source environment (OpenVPN 2.1 RC7) which will be compiled with NSIS into an executable together with the certificate and config files.

Then you need to obtain the certificates for the clients you want to create the packages for and provide the config file as well. You must also install NSIS and then you are ready. Just run “generate.cmd” file in the “openvpn-generator” directory and the executables will be created in “openvpn-generator/exes”.

If you have problems, questions, just let me know.

Voilà. I just graduated today (actually yesterday, it is early morning when I am writing this). A chapter of my life which lasted for the last 6 years is closed now. And it feels good.

Thanks to everybody who came to my presentation. It is very nice to have friends like you. Also thanks to my mentor, Borut Robič and to my parents who supported me for all those years. Thanks to mom, Janja and Anica who baked all the cookies for the short after-party in the LALG laboratory. Finally, special thanks to my wife Mica and my son Jakob, who felt a bit of stress in the last days too.

You can get my thesis here. It is titled “Improvement of pfSense firewall with user services” or “Nadgradnja požarnega zidu pfSense z uporabniškimi storitvami” (Slovenian translation). For non-Slovenian readers, the text is in Slovenian language, so probably you won’t understand most of it. However, I plan to translate at least the most important parts into English so it could be used by pfSense developers as well. I’ll make a special page called Papers soon, so all my papers will be there some day.

Dear RoundCube and PostfixAdmin users, I just released the 1.0.4 version of RCPFA bridge, which makes RoundCube and PostfixAdmin interoperate. Many people have requested that it would be nice to have RCPFA for RoundCube 0.2beta available, and here it is. So this version doesn’t provide any new features, it only provides compatibility with 0.2beta. Hope it works for you too.