Konfiguracija odjemalca Viscosity z OpenVPN

Compatible Nitrokeys

3A/C/Mini

Passkey

HSM 2

Pro 2

FIDO2

Storage 2

Start

U2F

active

inactive

inactive

active

inactive

active

active

inactive

This guide will show to configure Viscosity client to connect to an OpenVPN instance, using a Nitrokey Pro 2 (or Nitrokey Storage 2), and PKCS#11 authentication.

Predpogoji

Za ta vodnik boste potrebovali nameščen in konfiguriran oddaljeni strežnik OpenVPN za odjemalce. V tem dokumentu smo uporabili OpenVPN 2.49, nameščen v strežniku Debian 10.

To read about how to configure OpenVPN to authenticate with Nitrokey Pro, you might consult the following documentation, as we will just cover the way to configure the Viscosity client in this guide.

Potrebujete tudi naslednje:

  • Nitrokey Pro 2 ali Nitrokey Storage 2

  • Client’s private key client.key loaded on the Nitrokey

  • Client’s certificate client.crt loaded on the Nitrokey

  • The Certificate Authority file, i.e. CA.crt file used for your OpenVPN setup

  • Optional: The shared secret key file, i.e. ta.key

For more information on PKCS#11 key management with OpenVPN, please consult OpenVPN’s documentation.

Uporaba

  1. Zagon programa Viscosity in ustvarjanje nove povezave „openVPN“ (poimenujete jo lahko po želji).

  2. Z desno tipko miške kliknite povezavo in kliknite Uredi

  3. Add your server’s IP address and configure the port according to your configuration.

  4. Pod preverjanjem pristnosti se v razdelku Type pomaknite navzdol do SSL/TLS Client (PKCS11)

  5. Izberite datoteko CA za povezavo

    Po želji: Izberite ta.key v razdelku TLS-Auth

    Img3
  6. Kliknite gumb Dodaj poleg polja Ponudniki in izberite modul PKCS#11 za svoj modul Nitrokey. Določite lahko več ponudnikov, mi pa bomo na primer uporabili OpenSC.

    On macOS, the most common location for modules to be found is in the /usr/lib directory. Please refer to the documentation included with your driver software for the location to use. OpenSC’s module can be found at /Library/OpenSC/lib/opensc-pkcs11.so

    On Windows, the most common location for libraries is either in C:\Program Files or C:\Windows\System32. OpenSC libraries are generally located at C:\Program Files\OpenSC Project\OpenSC\pkcs11. There may be more than one library available here, you can try each one or simply add both.

  7. V spustnem meniju Retrieval izberite metodo pridobivanja

    Img4
    • Če bo v tem računalniku uporabljen samo en ključ Nitrokey, izberite Use certificate name below. Če je ključ Nitrokey trenutno povezan z računalnikom, kliknite Detect, da se v polju Name (Ime) samodejno zapolni gumb Viscosity (Viskoznost). V nasprotnem primeru lahko to polje izpolnite ročno.

    • If in doubt, or if more than one Nitrokey may be used (i.e. multiple users), then select Prompt for certificate name.

    Če je bil izbran Prompt for certificate name, bo Viscosity samodejno zaznal zahtevani ključ na ključu Nitrokey z uporabo določenega modula/ov PKCS#11. Izberite eno od najdenih naprav ali pa ročno vnesite ime serialized id, ki ga želite uporabiti. Tudi v tem primeru mora biti uporabnik po potrebi pozvan k vnosu gesla/PIN.

  8. Kliknite gumb Shrani in se povežite iz glavnega vmesnika.

Reference

Opombe

  • Viskoznost ni brezplačna, zato lahko pri uporabi brezplačne različice naletite na težave.

  • Razmišljamo o uporabi Pritunl kot brezplačne in odprte alternative.