Login or Register to Ask a Question and Join Our Community


Shell Programming and Scripting

Help with a bash script for openvpn

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Top Forums Shell Programming and Scripting Help with a bash script for openvpn
# 1  
Old 10-17-2007
Help with a bash script for openvpn
I've got a openvpn server and I'm searching a way to permit that a certain certificate is operative only if the connection comes from from a certain ip. Others certificates must have not this limitation because they are for road warriors and we don't know where they can come from.

So the idea is to have an array in a script (we can state some up and down script) or an external file where we have this data:

nameofcertificate:ip or network or range

example

jsmith:1.2.3.4
jsmith:1.2.3.5
jsmith:192.168.1.[10-20]

so Mr Smitch can connect only from these locations.

I state that at the beginning of the connection I've got both the variables, one derived from the common_name and the other from the env and is trusted_ip.

Now I've got to compare the array (or external file) with this variables and if there is a corrispondence permit the connection else not. If a valid certificate is not in the list there is no check on ip.

I am not very skilled for this kind of work, someone can help me? Thanks.
Login or Register to Ask a Question

Previous Thread | Next Thread

9 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

How to block first bash script until second bash script script launches web server/site?

I'm new to utilities like socat and netcat and I'm not clear if they will do what I need. I have a "compileDeployStartWebServer.sh" script and a "StartBrowser.sh" script that are started by emacs/elisp at the same time in two different processes. I'm using Cygwin bash on Windows 10. My... (3 Replies)
Discussion started by: siegfried
3 Replies

2. Cybersecurity

Openvpn nat and iptables

good day good people hi first to tell that firewall and vpn is working as expected, but I notice something strange. I have host system 11.11.11.11(local ip) firewall is blocking everything except port to vpn. I have vpn on virtualized system 22.22.22.22 (CentOS both host and virtual). ... (0 Replies)
Discussion started by: end
0 Replies

3. Solaris

OpenVPN and NAT

Hi. I am attempting to set up an OpenVPN server on my Solaris 11 box by following all the Linux guides. Thus far I have a working VPN that I can connect to and ssh onto my VPN server over which is great but not what I require long term. I would like to route all VPN client requests for addresses... (0 Replies)
Discussion started by: nickb1976
0 Replies

4. UNIX for Dummies Questions & Answers

iptables for openvpn

Hey all, I'm trying to get openvpn working on DD-WRT router. I can make a connection inside my lan, but outside the connection is yellow. I think yellow means it is close to making a connection, but it never completes the connection. So I believe there is a problem with my iptables since it... (0 Replies)
Discussion started by: sdnix
0 Replies

5. UNIX for Dummies Questions & Answers

How do I install a OpenVPN in CentOS?

Hi, I have looked at different tutorials across the net on how to install a OpenVPN in Linux CentOS but I can't understand any of the instructions given. So I typed myself some step-by-step instructions that I do understand. This is the type of simplified instructions I do... (1 Reply)
Discussion started by: TheCorporation
1 Replies

6. IP Networking

Cisco VPN pcf and OpenVPN

I was given my pcf file to login to work from home and wanted to use OpenVPN instead of the Cisco VPN client software. Can I use this pcf file with OpenVPN? I attempted to use vpnc: http://wiki.centos.org/HowTos/vpnc but it just times out ?? (2 Replies)
Discussion started by: metallica1973
2 Replies

7. IP Networking

OPENVPN on FREEBSD

Hello gurus , I have a vmware machine on xp wich holds a FREBSD 8.0 BETA2 i386 my xp ip is 192.168.0.12 my freebsd le0 ( ext iface, vmware bridged ) is 192.168.0.105 ( can ping google; etc...) my freebsd le2 (int iface, vmware local only) is 192.168.141.5 my freebsd le1 is disabled as... (0 Replies)
Discussion started by: cozsmin
0 Replies

8. UNIX for Advanced & Expert Users

OpenVPN 2.09 ns-cert-type ???

--ns-cert-type client|server Require that peer certificate was signed with an explicit nsCertType designation of "client" or "server". This is a useful security option for clients, to ensure that the host they connect with is a designated server. See the easy-rsa/build-key-server script for... (0 Replies)
Discussion started by: kungpow
0 Replies

9. Cybersecurity

RV082 with OpenVPN and/or isakmpd

Has anyone gotten either isakmpd or OpenVPN working with a Linksys RV082? Would you be willing to share a conf file? Thanks! (0 Replies)
Discussion started by: vertigo23
0 Replies
Login or Register to Ask a Question

LEARN ABOUT NETBSD

ssl_ctx_add_extra_chain_cert

SSL_CTX_add_extra_chain_cert(3) 				      OpenSSL					   SSL_CTX_add_extra_chain_cert(3)

NAME

       SSL_CTX_add_extra_chain_cert - add certificate to chain

LIBRARY

       libcrypto, -lcrypto

SYNOPSIS

	#include <openssl/ssl.h>

	long SSL_CTX_add_extra_chain_cert(SSL_CTX ctx, X509 *x509)

DESCRIPTION

       SSL_CTX_add_extra_chain_cert() adds the certificate x509 to the certificate chain presented together with the certificate. Several
       certificates can be added one after the other.

NOTES

       When constructing the certificate chain, the chain will be formed from these certificates explicitly specified. If no chain is specified,
       the library will try to complete the chain from the available CA certificates in the trusted CA storage, see
       SSL_CTX_load_verify_locations(3).

       The x509 certificate provided to SSL_CTX_add_extra_chain_cert() will be freed by the library when the SSL_CTX is destroyed. An application
       should not free the x509 object.

RESTRICTIONS

       Only one set of extra chain certificates can be specified per SSL_CTX structure. Different chains for different certificates (for example
       if both RSA and DSA certificates are specified by the same server) or different SSL structures with the same parent SSL_CTX cannot be
       specified using this function.

RETURN VALUES

       SSL_CTX_add_extra_chain_cert() returns 1 on success. Check out the error stack to find out the reason for failure otherwise.

SEE ALSO

       ssl(3), SSL_CTX_use_certificate(3), SSL_CTX_set_client_cert_cb(3), SSL_CTX_load_verify_locations(3)

1.0.1i								    2014-08-10					   SSL_CTX_add_extra_chain_cert(3)