OpenVPN - Do You Need All These Certs & Keys?

Discussion in 'privacy technology' started by DasFox, May 9, 2011.

Thread Status:
Not open for further replies.
  1. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    A lot of VPN Providers that are all over the web, many of them I have used have only given a ca.crt and a .opvn/.config file is all and the VPN seems to work just fine.

    I wanted to test out a OpenVPN GUI Client in Linux and the developer told me that on OpenVPN's site you need these certs and keys to make it work:

    ca.crt , client1.crt , client1.key...

    If I'm suppose to use all three then why are VPN services I'm using, seem to be working fine without all of them and only the ca.crt?


    THANKS
     
  2. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    each key file would be per auth/connection. so if you've got one config, one certificate, and one key, you should be able to use at least 1 connection.
     
  3. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825

    All the OpenVPN providers I have used in the past and currently are using and testing out only give you a ca.crt and a .opvn/.config and that's it and are just username/password authentication, not certification authentication...

    So should the end-user steer clear of just user/pass authentication OpenVPN providers that only hand you a ca.crt and .opvn/.config?


    THANKS
     
  4. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    If the OpenVPN provider is claiming to provide anonymity or security, then yes, you should avoid them as dishonest or incompetent.
     
  5. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    SwissVPN is one such company I know that only gives a ca.crt and config file and what drew me to them is that they are pretty decent looking telecommunications company in Switzerland.

    The problem as we all know is trust, who are we going to trust to connect to?

    At least in this way we can see trust should not be a factor with a business as big as this, at least I hope not...

    Now comes the next problem, where is the competance at, to not provide better more secure connectivity with certification authentication...

    http://hotspot.monzoon.net/
    http://www.swissvpn.net/

    P.S. This is a reply back from Matthias R. Koch at SwissVPN, whoever this person is;

    Service is being provided "as is" - this is an access to Swiss Internet,
    it's completely unencrypted from Zurich on anyway, so it's not access to
    Fort Knox :)
     
    Last edited: May 11, 2011
Loading...
Thread Status:
Not open for further replies.