Help/advice request please.

Charles Swiger cswiger at
Mon Nov 16 21:55:38 UTC 2015

On Nov 16, 2015, at 1:38 PM, Dave B <g8kbvdave at> wrote:
> Trying to figure out how to get openvpn setup, ultimately for a small number of 
> traveling client machines (Linux and Windows) all owned by myself, for my own 
> personal use.
> Is there any (in plain english) "how-to's" out there, that actually work?

Sure.  Use preshared static keys, documented here: <>

Use client certs when you're supporting dozens of different users, not one.

> In particular, in regards to creating a self-signed CA (and the other needed) 
> certificates, working at the command line.
> I'm falling over with the (undocumented) various user input data fields.
> For example, it's taken me a full week, to find out that my country code is not 
> UK, or 44, but GB!
> But there is no guidance as to what the other field values should (or should 
> not) be.  Such as region/state etc.

x.509 PKI cryptography is hard.  Running your own CA is sufficient work that most
people pay good money for certs rather than doing it themselves.


More information about the freebsd-questions mailing list