Shinden's Lair.



Fri, 30 Jan 2009

Twitting

You can follow me on twitter: http://www.twitter.com/morrpl or on blip.pl (Polish mostly): http://morr.blip.pl. And of course this blog. ;-)

posted at: 21:01 | Tags: anotherme | permalink


Wed, 28 Jan 2009

OpenVPN with crypto tokens on NetBSD

This howto covers using OpenVPN with a crypto token. OpenVPN from pkgsrc doesn't support tokens by default, but you can use this simple patch to enable them. Additionally, you'll need:

I won't describe here how to initialize the token and add certs; I'll just describe the client process.

Get the patch and apply it:

/usr/pkgsrc:# wget -O - http://morr.pl/netbsd/net-openvpn-pkcs11.patch | patch

/usr/pkgsrc:# cd net/openvpn && make install clean

Then you should build pcsc-lite:

/usr/pkgsrc/net/openvpn:# cd ../../security/pcsc-lite && make install clean

If you are using a USB token, you will need ccid too:

/usr/pkgsrc/security/pcsc-lite:# cd ../../security/ccid && make install clean

After that, you only need to run /usr/pkg/sbin/pcscd (unfortunately there isn't an rc.d script yet) and you're almost done!

You have to know your token ID. You can get it using:

~:# openvpn --show-pkcs11-ids /usr/pkg/lib/opensc-pkcs11.so

Copy the "Serialized id" from its output into the "pkcs11-id" entry of your openvpn config. One more entry is needed for this to work:

pkcs11-providers /usr/pkg/lib/opensc-pkcs11.so

And that's all! Of course you still have to configure the rest of openvpn, such as "client", "dev" or "remote", but that is normal openvpn configuration. After running

~:# openvpn --config my.ovpn

you'll see:

Wed Jan 28 00:49:08 2009 OpenVPN 2.1_rc13 i386--netbsdelf [SSL] [LZO2] [PKCS11] built on Jan 27 2009
Wed Jan 28 00:49:08 2009 PKCS#11: Adding PKCS#11 provider '/usr/pkg/lib/opensc-pkcs11.so'


and after a while you'll be asked for the PIN protecting the certs on the token:

Enter CryptoCard PKI (PIN1) token Password:

After you enter the PIN, the VPN connection will be established.

If you have any questions, feel free to ask. ;-) If there is demand, I'll write about adding certs to the token using pkcs11-tool.
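A preflight check for the client setup described above, as an added example that is not part of the original post or the patch: it verifies that the config carries both PKCS#11 entries and no file-based credentials, and that the startup output shows the [PKCS11] build flag and the provider being loaded. The function names and the file names in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Source this file, then run:
#   check_pkcs11_conf my.ovpn && check_pkcs11_log openvpn.log

# Print the first argument of the first uncommented occurrence of a directive.
conf_value() {  # $1 = config file, $2 = directive
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

# Return 0 only if the client config is set up for token-based authentication.
check_pkcs11_conf() {
    conf=$1
    rc=0
    provider=$(conf_value "$conf" pkcs11-providers)
    if [ -z "$provider" ]; then
        echo "missing directive: pkcs11-providers"; rc=1
    elif [ ! -r "$provider" ]; then
        echo "PKCS#11 provider library not readable: $provider"; rc=1
    fi
    if [ -z "$(conf_value "$conf" pkcs11-id)" ]; then
        echo "missing directive: pkcs11-id (copy the \"Serialized id\" here)"; rc=1
    fi
    # With a token the private key should exist on the token only, so a
    # file-based cert/key/pkcs12 directive next to pkcs11-id is flagged.
    files=$(awk '$1 == "cert" || $1 == "key" || $1 == "pkcs12" { print $1 }' "$conf")
    if [ -n "$files" ]; then
        echo "file-based credentials also configured:" $files; rc=1
    fi
    return $rc
}

# Return 0 only if the startup log shows a PKCS#11-enabled build that loaded a provider.
check_pkcs11_log() {  # $1 = file holding openvpn's startup output
    rc=0
    if ! grep -F -q '[PKCS11]' "$1"; then
        echo "banner lacks [PKCS11]: this openvpn was built without token support"; rc=1
    fi
    if ! grep -F -q 'PKCS#11: Adding PKCS#11 provider' "$1"; then
        echo "no provider was loaded"; rc=1
    fi
    return $rc
}
```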

posted at: 00:19 | Tags: Operating Systems, applications, netbsd | permalink


Thu, 22 Jan 2009

Anniversaries

Today is the anniversary of my blog. It is two years and 25 posts (including this one). Not so many posts after that time. ;-)
This year there are more anniversaries: 10 years of me as Morr, 150 years since the birth of Ludwik Zamenhof, creator of the Esperanto language, which I learn from time to time...
The older I am, the faster time flies. It was a long ten years. I've met many people, lost contact with a few, learned a few things, taught some people a few tricks. Lost some people who were close to me. Came from Windows to Linux, then NetBSD. Changed my place of living and work a couple of times. Now it's more or less stable. Well, that was a good 10 years, but there are more to come! :-)

UPDATE: Just yesterday I became an uncle - my sister has given birth to a boy :-)

posted at: 16:13 | Tags: life | permalink

