Using a hardware token
This recipe will demonstrate how to use a hardware token as a replacement for an X509 certificate and the corresponding private key.
Getting ready
We use the following network layout:
Keep the hardware token from the first recipe at hand. For this recipe, the server computer was running CentOS 5 Linux and OpenVPN 2.1.1. The client was running Fedora 12 Linux and OpenVPN 2.1.1. Keep the server configuration file basic-udp-server.conf from the Chapter 2 recipe Server-side routing at hand.
How to do it...
Start the server using the configuration file basic-udp-server.conf:

[root@server]# openvpn --config basic-udp-server.conf
Next, create the client configuration file:
client
proto udp
remote openvpnserver.example.com
port 1194
dev tun
nobind
ca /etc/openvpn/cookbook/ca.crt
tls-auth /etc/openvpn/cookbook/ta.key 1
ns-cert-type server
pkcs11-providers /usr/lib64/libeTPkcs11.so
pkcs11-id 'Aladdin\x20Ltd\x2E/eToken/001a01a9/Cookbook/20100703'
The last directive
pkcs11...
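The pkcs11-id value in the client configuration above is a serialized object identifier, and reading it is easier once it is split into its parts. The following Python script is an added example, not code from the cookbook: it parses that value into its fields, re-serializes it, and audits a client configuration to confirm that it selects a token object and does not also carry a file-based private key (which would defeat the point of the token). The field names (manufacturer, model, serial, token label, CKA_ID in hex) are assumed from the pkcs11-helper serialization format that OpenVPN uses, and the escaping rule (every non-alphanumeric character written as \xHH) is inferred from the space and the period in the page's own example; the sample configurations embedded in the script are constructed for the demonstration.

```python
import re
import shlex

# Field order of a serialized PKCS#11 object id as OpenVPN (via pkcs11-helper)
# prints it. Assumed from pkcs11-helper's format: four token fields, then the
# object's CKA_ID as hex.
FIELDS = ("manufacturer", "model", "serial", "token_label", "cka_id_hex")

_ESCAPED = re.compile(r"\\x([0-9A-Fa-f]{2})")

# The pkcs11-id from the recipe's client configuration (raw string, so the
# backslashes stay literal exactly as they appear in the config file).
EXAMPLE_ID = r"Aladdin\x20Ltd\x2E/eToken/001a01a9/Cookbook/20100703"

# Constructed sample: the recipe's client config, authenticating with the token.
TOKEN_CONFIG = r"""
client
proto udp
remote openvpnserver.example.com
port 1194
dev tun
nobind
ca /etc/openvpn/cookbook/ca.crt
tls-auth /etc/openvpn/cookbook/ta.key 1
ns-cert-type server
pkcs11-providers /usr/lib64/libeTPkcs11.so
pkcs11-id 'Aladdin\x20Ltd\x2E/eToken/001a01a9/Cookbook/20100703'
"""

# Constructed sample: the same client, but with an on-disk key (hypothetical paths).
FILE_KEY_CONFIG = r"""
client
proto udp
remote openvpnserver.example.com
port 1194
dev tun
nobind
ca /etc/openvpn/cookbook/ca.crt
cert /etc/openvpn/cookbook/client.crt
key /etc/openvpn/cookbook/client.key
tls-auth /etc/openvpn/cookbook/ta.key 1
ns-cert-type server
"""


def unescape(field):
    """Turn \\xHH escapes back into characters: 'Aladdin\\x20Ltd\\x2E' -> 'Aladdin Ltd.'."""
    return _ESCAPED.sub(lambda m: chr(int(m.group(1), 16)), field)


def escape(text):
    """Inverse of unescape. Rule inferred from the page's example: every character
    that is not ASCII alphanumeric becomes \\xHH with uppercase hex digits."""
    return "".join(c if c.isascii() and c.isalnum() else "\\x%02X" % ord(c) for c in text)


def parse_pkcs11_id(serialized):
    """Split a serialized id into its five fields; raise ValueError if malformed."""
    parts = serialized.split("/")
    if len(parts) != len(FIELDS):
        raise ValueError("expected %d '/'-separated fields, got %d" % (len(FIELDS), len(parts)))
    info = dict(zip(FIELDS, (unescape(p) for p in parts)))
    if not re.fullmatch(r"[0-9A-Fa-f]*", info["cka_id_hex"]):
        raise ValueError("CKA_ID field is not hexadecimal: %r" % info["cka_id_hex"])
    return info


def serialize_pkcs11_id(info):
    """Rebuild the serialized form from a parsed dict (round-trips parse_pkcs11_id)."""
    return "/".join(escape(info[name]) for name in FIELDS)


def audit_client_config(config_text):
    """Return a list of findings for a client config meant to use a hardware token.
    An empty list means a PKCS#11 module and object are selected and no file-based
    private key is configured alongside them."""
    directives = {}
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":      # OpenVPN comment lines
            continue
        words = shlex.split(line)           # single quotes keep the \x escapes literal
        directives[words[0]] = words[1:]
    findings = []
    if "pkcs11-providers" not in directives:
        findings.append("no pkcs11-providers directive: no PKCS#11 module will be loaded")
    if "pkcs11-id" not in directives:
        findings.append("no pkcs11-id directive: no token object is selected")
    else:
        try:
            parse_pkcs11_id(directives["pkcs11-id"][0])
        except (ValueError, IndexError) as exc:
            findings.append("pkcs11-id is malformed: %s" % exc)
    for name in ("key", "pkcs12"):
        if name in directives:
            findings.append("'%s' directive present: private key material on disk" % name)
    return findings


if __name__ == "__main__":
    for field, value in parse_pkcs11_id(EXAMPLE_ID).items():
        print("%-12s %s" % (field, value))
    print("token config findings:   ", audit_client_config(TOKEN_CONFIG))
    print("file-key config findings:", audit_client_config(FILE_KEY_CONFIG))
```

Running the script prints the five fields of the example id and an empty findings list for the token-based configuration, while the constructed file-key configuration is reported for its missing PKCS#11 directives and its on-disk key.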