From owner-freebsd-questions@freebsd.org Fri Apr 3 08:53:33 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 146F7279F39 for ; Fri, 3 Apr 2020 08:53:33 +0000 (UTC) (envelope-from odhiambo@gmail.com) Received: from mail-ot1-x32c.google.com (mail-ot1-x32c.google.com [IPv6:2607:f8b0:4864:20::32c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48ttxw0mXJz4GBc for ; Fri, 3 Apr 2020 08:53:23 +0000 (UTC) (envelope-from odhiambo@gmail.com) Received: by mail-ot1-x32c.google.com with SMTP id 22so6568913otf.0 for ; Fri, 03 Apr 2020 01:53:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Zz2Ma1qWwbMwiknSkwcUB3R9igE3rSVKoYMTJBAYUNA=; b=kjjaMgJwPNLN5ffRIXpTDoNTVTXxoYqkuwpNo5dExzsY29ZqfiSqrLlutFiAPiF50o t5k+Ne1GihiJ6QpnGTCq5qyEn8mbj/4iwm5EFaWbtlK1Ig3PPS56IpbpHCK1o5tqOH1c hPzeFaTrxKz/NR1Pw/tloXjTKg15YqInMLi/lnyR6Gr9DEThOXW4Zrp434h+4JX1DKmE UZBwEppQRA+3Ach1n16UaYNrLbxELzzZZyZeJMgqZt2WtKHRWRdR2jMHsEzbMEQ20VOS 0hTeS12tRRKnxS52RO8N6ujigfDJHJE5dyX8mPV3myW2t74gJ8T4JcwgJMgngzs0RBuV gBFg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Zz2Ma1qWwbMwiknSkwcUB3R9igE3rSVKoYMTJBAYUNA=; b=JZ/+hnJ655FbjX7E6IQ6KcfxWPZY1083sa80bQ6HOBoD/V2ya+smULE7CvKJLY57Hi HZbxt7Xeu7Qa4+RgUR0CGKRcXRFOSPMGgpnP5kFDK9ykbO9EGRnQecJWwVlJUJm+HEaX kWxTpMl9ozEY46u1Tod1U5SkeOPFvuTfjTrUG03myj0Xbkidc6SkaO6vmlXWRwVsWEP4 HIA5pqC/iGatJPxEma04q0b3WwSLCKUFuOxvg3A9+V9S8O9FYkV1e6e4OVNFxu5UkiaD 5idAhiP621znWITvGHjFytpXLsj1ChHm9ybMkU5JGcq15ELwmynGkHAxOU+apD2e764l JIDQ== X-Gm-Message-State: AGi0PuZo/ZdckAq2hiA7XTckq4DwvmdrORg8045SNE5T7zN24tqCgF8n 63w7TNYvdvG5P7d+vlrIyVSDB9pSItE31JzaFZGt2f8e X-Google-Smtp-Source: APiQypJycvTE5B/r8PEQsMfsYziK7442GFtrzG0eT354SVhSXXwWEZDm/tLa7dxD9HrmsvtgW0F9tQ5c8Wxe8EaSIAs= X-Received: by 2002:a9d:4b98:: with SMTP id k24mr5421254otf.26.1585903994990; Fri, 03 Apr 2020 01:53:14 -0700 (PDT) MIME-Version: 1.0 References: <20200403002449.GB13362@doctor.nl2k.ab.ca> In-Reply-To: <20200403002449.GB13362@doctor.nl2k.ab.ca> From: Odhiambo Washington Date: Fri, 3 Apr 2020 11:52:43 +0300 Message-ID: Subject: Re: OpenVPN and sasl To: The Doctor Cc: User Questions X-Rspamd-Queue-Id: 48ttxw0mXJz4GBc X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=kjjaMgJw; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of odhiambo@gmail.com designates 2607:f8b0:4864:20::32c as permitted sender) smtp.mailfrom=odhiambo@gmail.com X-Spamd-Result: default: False [-3.00 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; FREEMAIL_FROM(0.00)[gmail.com]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; IP_SCORE_FREEMAIL(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[c.2.3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; IP_SCORE(0.00)[ip: (-7.92), ipnet: 2607:f8b0::/32(-0.34), asn: 15169(-0.44), country: US(-0.05)]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Apr 2020 08:53:33 -0000 On Fri, 3 Apr 2020 at 03:27, The Doctor via freebsd-questions < freebsd-questions@freebsd.org> wrote: > All right I am trying to set up an openvpn server > based on if you have a shell account already. SASL would be nice > but it looks like radius is the next best thing. > > What do I need to set this up properly? > The best way to run OpenVPN has always been to use the certificates. It's more secure, IMHO, as long as the certs are safe. RADIUS and any other way are just complicating matters for yourself unless you want to wade into that territory to learn. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", grep ^[^#] :-)