I’ve been issuing a lot of x.509 certs and OpenVPN user configurations lately, and I came across something that has reduced the complexity quite a bit. It seems that OpenVPN configuration files can now include data inline. So rather than generating and distributing the following for each user:<\/p>\n
one may distribute to users just the following:<\/p>\n
This process and the process of creating new users\/certificates is automated by the fine people who develop OpenVPN<\/a> itself and the OpenVPN AS<\/a> management software. It is good to know that if you are unable to use this service, the process is at least much less complicated these days.<\/p>\n One thing to keep in mind is that some platforms do not support all OpenVPN configuration file options. One in particular that has been giving me trouble is the dev<\/i> and dev-type<\/i> options. If your configuration file (.ovpn or .conf) is intended for use with Tunnelblick on OSX, be sure to set dev<\/i> to either tun<\/b> or tap<\/b>, and be sure not to use the dev-type<\/i> option. It seems that the tuntap code on OSX<\/a> does not support arbitrary names for the devices; the device names must be generated by the kernel.<\/p>\n\n