剑次狼 于 2010-06-24 05:23(13 年以前) 发表:
crl-verify 建议要放在/etc/openvpn/下
即在服务端的配置文件 server.conf 中,加入这样一行:
crl-verify /etc/openvpn/crl.pem
否则会报错cannot read: crl.pem: Permission denied (errno=13)
官方解释是要可读的。
OpenVPN needs to have the crl.pem file in a world readable directory because OpenVPN executes as nobody:nogroup once launched, and it checks this file on each client connection. You do not wish to set /etc/openvpn/easy-rsa/keys/ world readable.
Build the Diffie-Hellman parameters for the server side