OpenVPN with NetworkManager
FIXME (needs some more details and maybe a screenshot)
The GNOME Desktop in Ubuntu, Fedora and other recent distributions comes with NetworkManager which is a tool to easily maintain the network connections.
You need to install the openvpn plugin to get to a dialog windows which will accept several configuration settings.
Ubuntu (e.g)
sudo apt-get install network-manager-openvpn
For the certificate there is some extra work to do. As NetworkManager does only accept the certificate in the pem format we need to run these commands where IPFIRE.p12 is the certificate file from the configuration archive you downloaded from the webinterface.
openssl pkcs12 -in IPFIRE.p12 -clcerts -nokeys -nodes -out user.pem
openssl pkcs12 -in IPFIRE.p12 -nocerts -nodes -out keys.pem
openssl pkcs12 -in IPFIRE.p12 -cacerts -nodes -out ca.pem
OpenVPNs cipher and digests tests with OpenSSL version 1.0.1f
This table lists the compatibility for operating systems in relation to the OpenSSL library (at this time version 1.0.1f) and his ciphers but also his digests algorithm.
| Systems | Ciphers | Digests | Needed updates ? |
|---|---|---|---|
| Android | All/ |
SHA1/SHA256/SHA384/SHA512 | |
| iOS 7.04 | All/ |
SHA1/SHA256/SHA384/SHA512 | |
| OS X 10.6 | All | All | OpenSSL update needed, tested with Macports |
| OS X 10.6 10.9 | All/ |
SHA1/SHA256/SHA384 | Without update |
| Windows 7 | ? | SHA1/SHA256/SHA384/SHA512 | Without special update |
| Fedora-19 | All | All | Without updated version |
| Ubuntu-12.04 | All | All | Without updated version |
| IPFire Core 71 | ALL/ |
SHA1/SHA256 | Update to IPFire 2.15 Core 76 needed |
This table lists the generation time of the PKI with 4096 bit for the root certificate, 2048 bit for the host certificate and the CRL, but also the generation of the Diffie-Hellman key lenght with 1024 bit (default), 2048 bit and 4096 bit on different systems.
| Systems | Diffi-Hellman key lenght | Generation Time |
|---|---|---|
| Jetway JNC9C-550-LF Dual Core 1.5GHz 64-bit Intel Atom N550 system | 1024 bit | 1:12 min. |
| " | 2048 bit | 9:64 min. |
| " | 4096 bit | 3h 48 min. (Partly considerable differences) |