From: Chris R. <chr...@ad...> - 2010-11-03 15:53:59
My network has a primary and a hot failover VPN host, and the process developed by my predecessor is to simply run build-key-pass on both machines, providing the same answers on both, to generate the keys. I'm suspicious that this won't work based on what I know about SSL certs, but since I don't control VPN failover, I haven't been able to verify it.

What I'd like to do instead is to synchronize the key stores between the two hosts, generating client certs on one and then pushing the changes to the other using rsync or something like it. What issues will I run into by just having the same /etc/openvpn on both machines?

--
Chris Rose
Advanis