vpncmd Issues
Posted: Sun Oct 07, 2018 11:03 am
First of all, thank you for providing such powerful software as OSS to the community. Currently I'm working on a SoftEther Docker container where several 'install tasks' should be done automatically, especially providing certs for the instance. I've encountered some problems trying to configure a SoftEther server via console:
- fails when a filename is provided, although the help implicitly states that a filename is expected. However, calling the same command without a filename and entering one doesn't work either, with the same error msg.
Code:
vpncmd localhost /SERVER /HUB:VAone /CMD CAAdd path/to/mycertfile
Calling it again without a filename and pressing enter once gives a prompt text for the file; after entering an adequate path to a file, it works!
I don't think this is intended.
- SoftEther doesn't honor the default CA store of a host, e.g. CA certs installed in /etc/ssl/certs on Debian-based systems. Is that intended?
In that case any installed softether instance expects certs installed in /usr/local/libexec/softether/chain_certs (assuming here the path of make install)?
...or to be embedded in the vpn_server.config file by using the Manager or vpncmd to add a CA with CAAdd?
If both are in use which one is checked first?
For what scenario exactly do I need to place chained CA certs in /usr/local/libexec/softether/chain_certs?
- Import of PKCS12 certs (which requires a password) doesn't work, although the GUI client is doing it the correct way by prompting for a password, so the procedure of decoding it must be buried somewhere in there. For a Docker build it would be convenient if certs are rather kept encrypted instead of decrypting them to a file beforehand.
Code:
vpncmd localhost /SERVER /CMD ServerCertSet /LOADCERT:/path/to/myCert /LOADKEY:/path/to/myKey
- Is it possible to get into the server by using vpncmd without providing a password, e.g. connecting via localhost?
Trying to give the /PASSWORD arg fails when chars (e.g. exclamation mark) are contained which are interpreted by bash before vpncmd is executed. A hint in "--help" would be nice. Providing a password somewhere in a script isn't a good idea anyway, but the Docker build process doesn't allow any interaction like inputting a password. Would be nice if the password could be supplied by an env variable.
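
The quoting problem in the last point, as an added example that is not part of the original post and not SoftEther code: bash applies `!` history expansion only to text typed at an interactive prompt (including inside double quotes), so a password that arrives through a variable reaches vpncmd unchanged. The names `VPN_ADMIN_PASSWORD`, `VPN_ADMIN_PASSWORD_FILE` and `VPNCMD_BIN` are assumptions of this sketch, not vpncmd options.

```shell
#!/bin/sh
# Added example. VPN_ADMIN_PASSWORD, VPN_ADMIN_PASSWORD_FILE and VPNCMD_BIN
# are hypothetical names chosen for this wrapper; vpncmd does not read them.

# Print the admin password, preferring a file (e.g. a mounted secret)
# over a plain environment variable.
vpn_admin_password() {
    if [ -n "${VPN_ADMIN_PASSWORD_FILE:-}" ]; then
        [ -r "$VPN_ADMIN_PASSWORD_FILE" ] || {
            echo "cannot read $VPN_ADMIN_PASSWORD_FILE" >&2
            return 1
        }
        # -r keeps backslashes, IFS= keeps leading/trailing blanks;
        # the second test accepts a file without a trailing newline.
        IFS= read -r pw < "$VPN_ADMIN_PASSWORD_FILE" || [ -n "$pw" ] || return 1
        printf '%s' "$pw"
    elif [ -n "${VPN_ADMIN_PASSWORD:-}" ]; then
        printf '%s' "$VPN_ADMIN_PASSWORD"
    else
        echo "no admin password supplied" >&2
        return 1
    fi
}

# Run one server-mode command non-interactively.
# usage: vpncmd_server HOST COMMAND [ARGS...]
vpncmd_server() {
    host=$1
    shift
    pw=$(vpn_admin_password) || return 1
    # "$pw" is expanded after the line has been parsed, so '!', '$' and
    # spaces inside the value are passed through as one literal argument.
    "${VPNCMD_BIN:-vpncmd}" "$host" /SERVER "/PASSWORD:$pw" /CMD "$@"
}

# Example call (commented out so that sourcing this file runs nothing):
# vpncmd_server localhost ServerCertSet /LOADCERT:/path/to/myCert /LOADKEY:/path/to/myKey
```

The password still appears in vpncmd's argument list, which other local users can read from the process table while the command runs. A value set with `ENV` or `ARG` in a Dockerfile also remains visible in the image metadata, which is why the file variant is checked first.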