Not familiar with --outform argument. Will have to look into it. Presume you are doing site to site/network to network? Or are you setting this up for end users to terminate to? I've done the latter many many times, but not net to net. Happy to provide docs if you/nanog like. I think that everyone should run a vpn to secure remote access to services they are operating. You integrating this with an existing ski infrastructure? If so is it openssl based? Or maybe ad based? Lots of openvpn variables.... Might be worth starting a new thread on the subject. As I said, I feel its vital for folks to have a deep familiarity with openvpn and best practices etc. ------Original Message------ From: Randy Bush To: Charles Wyble Cc: nanog@nanog.org Subject: Re: dns interceptors Sent: Feb 14, 2010 7:10 PM
I run openvpn on my linux box to do exactly that.
i am in the midst of setting up some openvpn servers now, westin, ashburn, tokyo, but westin first. having problems sorting in what --outform it wants the bleeping certs. randy Sent via BlackBerry from T-Mobile