[opensuse-factory] openfate / feature 310964 (openvpn-config)
Hi, I wanted to give some more weight on feature 310964 (openvpn-config). So i tried to login onto feature,opensuse.org, but all i immediately get (on an old firefox) is: "error establishing an encrypted connection to static.opensuse,org, error code -8048" My first assumption, was that i had my firewall too tight, but after putting it for a moment wide-open, the error remainded. =================================================================== Currently it says: Description Many people today use an OpenVPN server to access their personal networks or networks at work. The set up of an OpenVPN server is complex also, as several adjustments must be made at various points in the system. e.g. OpenVPN Configfile, SUSEFirewall, /etc/sysconfig Files. A module would make it easier to set up a OpenVPNserver. =================================================================== Allthough the setting-up of a _single_ vpn (openvpn/ipsec) seems a hard job to do at first, it is doable. Allthough a simpe yast-module might be very much welcomed by inexperienced users. On the other hand, if you have to maintain a lot of tunnels, 100, 1000, more (...) you have a much bigger challenge. When having to maintain this amount of tunnels, works breaks down, imho, into following ereas: - certificate management - maintaining tunnel parameters (easy deployment from template) - security-settings (iptables, ebtables, apparrmor, ...) - guarding tunnelconditions (up/down, saturation) I am not talking about the management of client/server-certificates, as there are enough good product dealing with that aspect (yaST-CA, ejbca rhcs) And tunnel conditions can be guarded with products like OpenNMS. But the vast amount of parameters (ta-keys, routing, compressions, ...) that have to be maintained for roadwarriors or site/site connections is a much bigger problem. Much to my colleage's surprise there isn't even a commercial package for handling this. I tried to get people interested from fwbuilder, as it could be another module in their framework, but they declined. So my request, if somebody is going to spent a thought on it, make it usable for more than a single vpn-connection. hw -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On 13.12.2010 09:06, Hans Witvliet wrote:
Hi,
I wanted to give some more weight on feature 310964 (openvpn-config). So i tried to login onto feature,opensuse.org, but all i immediately get (on an old firefox) is: "error establishing an encrypted connection to static.opensuse,org, error code -8048"
My first assumption, was that i had my firewall too tight, but after putting it for a moment wide-open, the error remainded.
It seems you hit SEC_ERROR_OCSP_INVALID_SIGNING_CERT from: http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslerr.html See http://kb.mozillazine.org/OCSP_error_when_accessing_secure_sites how to fix it. Greetings -- Thomas Schmidt (tom [at] opensuse.org) openSUSE Boosters Team "Don't Panic", Douglas Adams (1952 - 11.05.2001) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
participants (2)
-
Hans Witvliet
-
Thomas Schmidt