From: Toby T. <to...@te...> - 2010-08-10 20:50:00
|
On 10-Aug-10, at 3:59 PM, Rodrigo Rosa wrote: > Let me explain a little bit more detailed: > > In a company that I work for , we have 2 open servers: > > VPN01 located in MIAMI and VPN02 located in BRAZIL. > > Users from Miami or Brazil has the VPN config files at their clients > like > this: > -------------------------------------------- > remote vpn01.telecallnet.com 22222 > remote vpn02.telecallnet.com 22222 > proto udp > route-method exe > route-delay 2 > port 22222 > client > pull > dev tap > comp-lzo > keepalive 10 120 > tls-client > ca ca.crt > dh dh2048.pem > cert rodrigo.crt > key rodrigo.key > ns-cert-type server > -------------------------------------------- > > So, when they log on VPN they are using MIAMI or BRAZIL servers. > Since last > week the VPN keys started to expire and the problems began. Tried to > renew > but didn't find the option, so I delete all of them and recreate, > but there > is not an option to syn both servers. > > That´s why I´m asking somebody´s help, in order to have both servers ( > BRAZIL and MIAMI ) syn, and I don’t have to create all keys on both > servers, > only one. Boa tarde Rodrigo Why do you use 2 servers, exactly? If you mean that a client may use either at any time (not clear), afaik you only need to use the same ca.crt to have client certificates under that CA verified by both servers. --Toby > > Is it possible to be done ? or I'll have to create everything again ? > > > Thanks, > > > Best Regards, > > Rodrigo Rosa > Network Analyst > Office Phone Brazil: +55 (21) 3002 0522 > Office Phone US: +1 954 213 6084 > MSN:rod...@te... > Please consider the environment before printing this e-mail. > > -----Mensagem original----- > De: Davide Brini [mailto:da...@gm...] > Enviada em: terça-feira, 10 de agosto de 2010 16:18 > Para: ope...@li... > Assunto: Re: [Openvpn-users] Sync VPN Keys > > On Tue, 10 Aug 2010 15:46:23 -0300 "Rodrigo Rosa" > <rod...@te...> wrote: > >> In a company that I work for there are 2 OPENVPNS servers ( Brazil >> and >> Miami ). I'd like to know if is possible to sync the VPN keys >> between both >> servers, so, any key that I create in Miami it will be replicate to >> Brazil >> and vice versa. > > Which keys are you talking about? On the server you only need a > single key: > the server's key (the private key and the corresponding public key > in an > X.509 certificate). In addition, you also need the CA certificate that > signed the clients' keys. That should be it for a server. > > Which are these other new keys you are creating on the servers? > > -- > D. > > ---------------------------------------------------------------------------- > -- > This SF.net email is sponsored by > > Make an app they can't live without > Enter the BlackBerry Developer Challenge > http://p.sf.net/sfu/RIM-dev2dev > _______________________________________________ > Openvpn-users mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openvpn-users > > Nenhum vírus encontrado nessa mensagem recebida. > Verificado por AVG - www.avgbrasil.com.br > Versão: 9.0.851 / Banco de dados de vírus: 271.1.1/3062 - Data de > Lançamento: 08/10/10 03:35:00 > > > ------------------------------------------------------------------------------ > This SF.net email is sponsored by > > Make an app they can't live without > Enter the BlackBerry Developer Challenge > http://p.sf.net/sfu/RIM-dev2dev > _______________________________________________ > Openvpn-users mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openvpn-users |