24 August 2014

OpenVPN with OTP (one-time password) by Google Authenticator, working all the time, part 2


3. Create the user (Alice) certificate for authentication:

Generate Alice's private key

# openssl genrsa -out alice.key 2048

Generate Alice's certificate request

Note: the common name (CN) should match the username, here alice

# openssl req -out alice.req -key alice.key -new -days 365

Sign Alice's request using the rootCA

# openssl x509 -in alice.req -out alice.cert -days 365 -req -CA rootCA.cert -CAkey rootCA.key -CAcreateserial
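The three steps above as a non-interactive script, followed by the checks worth running before handing the files to the user: chain to the CA, CN equal to the username, and certificate matching the private key. This is an added example, not code from the original post; the helper names are hypothetical and make_test_ca builds a throwaway CA as a constructed stand-in for the rootCA.key / rootCA.cert from part 1.

```shell
#!/bin/sh
# Added example. Helper names are hypothetical; the CA below is constructed
# for the demo and stands in for rootCA.key / rootCA.cert from part 1.

make_test_ca() {   # $1 = directory to create the demo CA in
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
        -keyout "$1/rootCA.key" -out "$1/rootCA.cert" 2>/dev/null
}

issue_client_cert() {   # $1 = username, $2 = directory holding rootCA.*
    user=$1; dir=$2
    # umask keeps the private key readable by its owner only
    ( umask 077; openssl genrsa -out "$dir/$user.key" 2048 2>/dev/null ) || return 1
    # -subj sets CN to the username, so it cannot be mistyped at the prompt
    openssl req -new -key "$dir/$user.key" -subj "/CN=$user" \
        -out "$dir/$user.req" || return 1
    openssl x509 -req -in "$dir/$user.req" -out "$dir/$user.cert" -days 365 \
        -CA "$dir/rootCA.cert" -CAkey "$dir/rootCA.key" -CAcreateserial 2>/dev/null
}

cert_cn() {   # print the subject CN of the certificate in $1
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/^.*CN=\([^,]*\).*$/\1/p'
}

check_client_cert() {   # $1 = username, $2 = directory; returns 0 if all pass
    user=$1; dir=$2
    # 1. chain: the certificate must verify against the CA
    openssl verify -CAfile "$dir/rootCA.cert" "$dir/$user.cert" \
        >/dev/null 2>&1 || return 1
    # 2. identity: the CN must equal the username
    [ "$(cert_cn "$dir/$user.cert")" = "$user" ] || return 2
    # 3. key pair: public key in the certificate must match the private key
    [ "$(openssl x509 -in "$dir/$user.cert" -noout -pubkey)" = \
      "$(openssl pkey -in "$dir/$user.key" -pubout)" ] || return 3
}

demo() {   # run everything in a temporary directory and clean up
    d=$(mktemp -d) && make_test_ca "$d" && issue_client_cert alice "$d" &&
        check_client_cert alice "$d"
    rc=$?; rm -rf "$d"; return $rc
}
demo && echo "alice.cert: chain, CN and key pair OK"
```

check_client_cert returns 1, 2 or 3 to indicate which check failed.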

23 August 2014

OpenVPN with OTP (one-time password) by Google Authenticator, working all the time

So why OpenVPN rather than L2TP, PPTP or IPsec?

The good things:

- It can run on tcp:80 or tcp:443, so no more worrying about firewalls or being behind NAT.

- It can also be used through an HTTP proxy.

- SSLv3 + PKI Cert Authentication.

- Totally free.

- Multiple platforms supported: Windows, Linux, Mac, iOS, Android ...

The bad thing:

- Some VPN solutions such as L2TP or PPTP are supported natively by Windows; with OpenVPN you need to install the client manually.