OpenVPN support limitations

Solution

Support for OpenVPN VPNs in TMS 8.2.0 and TLXOS 4.8.0/4.9.0 is very basic. In later releases we will provide interactive controls for VPN configuration, and support other schemes such as L2TP/IPsec, but at present VPN setup is entirely configuration-file driven and subject to some limitations:

  • At present we only support an OpenVPN configuration that uses SSL certificates as the sole means of authentication.  If your OpenVPN server requires a password (other than the private key passphrase) as well as or instead of SSL certificates, then you will need to make manual alterations to your OVPN configuration file to get OpenVPN working.
  • The client certificate and its private key, and the Certificate Authority certificate needed to validate your OpenVPN server, must be embedded in the OVPN configuration file using <cert>, <key> and <ca> tags respectively.
  • The private key must be unencrypted, i.e. must have had its passphrase removed.  We realize that this defeats the intent of two-factor authentication and means that anyone who has access to your TLXOS device has access to your VPN, but interactively prompting for a passphrase at boot-time causes too many problems, in terms of both implementation difficulty and logistics (e.g. you may not be able to remotely manage a device using TMS until the console operator enters the passphrase to bring the VPN up, which would be undesirable for many).
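
The following pre-deployment check is an added example, not ThinLinX code: it reads an OVPN file and reports anything that conflicts with the three limitations above. The function names, the placeholder host vpn.example.com and the PEM-shaped placeholder bodies are assumptions made for the example.

```python
import re

REQUIRED_BLOCKS = ("ca", "cert", "key")  # inline tags the article requires
ENCRYPTED_MARKERS = ("-----BEGIN ENCRYPTED PRIVATE KEY-----",  # PKCS#8 PEM
                     "Proc-Type: 4,ENCRYPTED")                 # traditional PEM

def check_tlxos_ovpn(text):
    """Return the ways an OVPN file conflicts with the limitations listed above."""
    problems, blocks = [], {}
    for tag in REQUIRED_BLOCKS:
        m = re.search(rf"^<{tag}>\s*$(.*?)^</{tag}>\s*$", text, re.S | re.M)
        if m:
            blocks[tag] = m.group(1)
        else:
            problems.append(f"missing inline <{tag}> block")
    if any(marker in blocks.get("key", "") for marker in ENCRYPTED_MARKERS):
        problems.append("private key in <key> is passphrase-protected")
    # Drop inline blocks so their PEM bodies are not read as directives.
    outside = re.sub(r"^<([\w-]+)>\s*$.*?^</\1>\s*$", "", text, flags=re.S | re.M)
    for line in outside.splitlines():
        words = re.split(r"[#;]", line, maxsplit=1)[0].split()  # strip comments
        if not words:
            continue
        if words[0] in REQUIRED_BLOCKS and len(words) > 1:
            problems.append(f"'{words[0]}' points at external file {words[1]}")
        elif words[0] == "auth-user-pass":
            problems.append("auth-user-pass: password login needs manual alterations")
    return problems

def pem(label, header=""):
    """Constructed PEM-shaped placeholder, not real key material."""
    return f"-----BEGIN {label}-----\n{header}(placeholder)\n-----END {label}-----\n"

def sample(key_pem, extra=""):
    """Constructed OVPN file; vpn.example.com is a placeholder host."""
    return ("client\ndev tun\nremote vpn.example.com 1194\n" + extra
            + f"<ca>\n{pem('CERTIFICATE')}</ca>\n<cert>\n{pem('CERTIFICATE')}</cert>\n"
            + f"<key>\n{key_pem}</key>\n")

if __name__ == "__main__":
    print(check_tlxos_ovpn(sample(pem("PRIVATE KEY"))))
    print(check_tlxos_ovpn(sample(pem("ENCRYPTED PRIVATE KEY"), "auth-user-pass\n")))
```

Because the embedded key is unencrypted, issuing a separate client certificate to each device lets the OpenVPN server revoke a single lost or stolen device (for example through its `crl-verify` option) without reissuing the others.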

 

Article details
Article ID: 49
Category: General Information
Date added: 2020-07-18 23:52:11