From: Stanislav O. <os...@gk...> - 2010-11-05 18:13:15
Chris,

I'm a sysadmin. I just use rsync for easy-rsa directory from the master OpenVPN server to failover slaves after a generation of new certs or a revocation of old certs. I'm serving 1 master and 2 slave vpn gates via rsync and have no problem.

Good luck.

2010/11/3 Chris Rose <chr...@ad...>

> My network has a primary and a hot failover vpn host, and the process
> developed by my predecessor is to simply run build-key-pass on both
> machines, providing the same answers on both, to generate the keys.
>
> I'm suspicious that this won't work based on what I know about SSL
> certs, but since I don't control VPN failover, I haven't been able to
> verify it.
>
> What I'd like to do instead is to synchronize the key stores between the
> two hosts, generating client certs on one and then pushing the changes
> to the other using rsync or something like it.
>
> What issues will I run into by just having the same /etc/openvpn on both
> machines?
>
> --
> Chris Rose
> Advanis
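
An added example, not part of either message: a drift check to run after the rsync described in the reply, so that a revocation made on the master is not still missing from a failover's CRL. The file names assume the easy-rsa 2.x keys/ layout (ca.crt, crl.pem, index.txt, serial); the function names and the two-directory interface are hypothetical.

```shell
#!/bin/sh
# Added example: compare the PKI state in two easy-rsa key directories,
# e.g. the master's keys/ and a copy pulled back from a failover.
# Assumed layout (easy-rsa 2.x): ca.crt, crl.pem, index.txt, serial.
# ca.key is deliberately never read or printed here.
PKI_FILES="ca.crt crl.pem index.txt serial"

# Print the SHA-256 of a file, or the marker MISSING if it is absent.
file_digest() {
    if [ -f "$1" ]; then
        sha256sum < "$1" | cut -d' ' -f1
    else
        echo MISSING
    fi
}

# pki_drift MASTER_DIR REPLICA_DIR
# Prints one line per tracked file that differs or is missing on either
# side. Returns 0 when the replica matches the master, 1 otherwise.
pki_drift() {
    rc=0
    for f in $PKI_FILES; do
        a=$(file_digest "$1/$f")
        b=$(file_digest "$2/$f")
        if [ "$a" != "$b" ] || [ "$a" = MISSING ]; then
            echo "$f"
            rc=1
        fi
    done
    return $rc
}

# Stand-alone use: ./pki_drift.sh /path/to/master/keys /path/to/replica/keys
if [ "$#" -eq 2 ]; then
    if drifted=$(pki_drift "$1" "$2"); then
        echo "in sync"
    else
        echo "out of sync: $drifted" | tr '\n' ' '; echo
        exit 1
    fi
fi
```

A crl.pem or index.txt mismatch means the failover would still accept a client the master has revoked. Syncing the whole easy-rsa directory also places the CA private key (keys/ca.key) on every slave.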