Openvpn On My Machine: Easy-RSA: Building My Public Key Infrastructure (PKI) part I

I have been on the lookout for third party VPN providers for a year now. Since the start of 2017, privacy is in the top of my to-do list. After installing Arch linux early February, and configuring basic maintenance and security procedures, I am now ready to embark on connecting to somekind of vpn service. From what I’ve read so far my best bet is a third party vpn provider which gives me a secure and private connection to the Internet and easy to configure. I also went to the Arch linux wiki, specifically, Openvpn and Easy-RSA pages. Arch linux has a culture of “do-it-yourself” and “keep-it-simple-shit” (KISS, maybe I got that wrong).

The latter course is the subject of my post (hopefully in the next post(s) I could bring good news too). Openvpn is based on machines authenticating themselves to servers which connect to the Internet securely. I have to build up my public key infrastructure PKI to make this possible. In the wiki, it is recommended that the CA issuing machine be different (more entropy capable) from the server and of course the client machines. This path assumes I have more than one machine. What if I only have one?

Openvpn is a flexible and highly configurable software. It says so in the manual:

“OpenVPN is an open source VPN daemon by James Yonan. Because OpenVPN tries to be a universal VPN tool offering a great
deal of flexibility, there are a lot of options…”


“OpenVPN is a robust and highly flexible VPN daemon. OpenVPN supports SSL/TLS security, ethernet bridging, TCP or UDP tun‐
nel transport through proxies or NAT, support for dynamic IP addresses and DHCP, scalability to hundreds or thousands of
users, and portability to most major OS platforms.

OpenVPN is tightly bound to the OpenSSL library, and derives much of its crypto capabilities from it.

OpenVPN supports conventional encryption using a pre-shared secret key (Static Key mode) or public key security (SSL/TLS).”

But what closed the deal for me is this:

“Sample OpenVPN 2.0 config file for #
# multi-client server. #
# #
# This file is for the server side #
# of a many-clients one-server #
# OpenVPN configuration. #
# #
# OpenVPN also supports #
# single-machine single-machine
# configurations (See the Examples page #
# on the web site for more info).

I hope single machine is what it means and I can make this work.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s