diff --git a/src/Cedar/Admin.c b/src/Cedar/Admin.c
index 65987f54..f1495a23 100644
--- a/src/Cedar/Admin.c
+++ b/src/Cedar/Admin.c
@@ -1113,11 +1113,6 @@ UINT StMakeOpenVpnConfigFile(ADMIN *a, RPC_READ_LOG_FILE *t)
UCHAR *zero_buffer;
UINT zero_buffer_size = 128 * 1024;
char name_tmp[MAX_SIZE];
- X *dummy_x = NULL;
- K *dummy_private_k = NULL;
- K *dummy_public_k = NULL;
- BUF *dummy_x_buf = NULL;
- BUF *dummy_k_buf = NULL;
zero_buffer = ZeroMalloc(zero_buffer_size);
@@ -1155,34 +1150,6 @@ UINT StMakeOpenVpnConfigFile(ADMIN *a, RPC_READ_LOG_FILE *t)
WriteBufChar(x_buf, 0);
SeekBufToBegin(x_buf);
- // Generate a dummy certificate
- if (x != NULL)
- {
- if (RsaGen(&dummy_private_k, &dummy_public_k, x->bits))
- {
- NAME *name;
- wchar_t cn[128];
-
- UniToStr64(cn, Rand64());
-
- name = NewName(cn, cn, cn, L"US", NULL, NULL);
-
- dummy_x = NewRootX(dummy_public_k, dummy_private_k, name, GetDaysUntil2038Ex(), NULL);
-
- FreeName(name);
-
- dummy_x_buf = XToBuf(dummy_x, true);
- SeekBufToEnd(dummy_x_buf);
- WriteBufChar(dummy_x_buf, 0);
- SeekBufToBegin(dummy_x_buf);
-
- dummy_k_buf = KToBuf(dummy_private_k, true, NULL);
- SeekBufToEnd(dummy_k_buf);
- WriteBufChar(dummy_k_buf, 0);
- SeekBufToBegin(dummy_k_buf);
- }
- }
-
FreeX(x);
Zero(hostname, sizeof(hostname));
Zero(tag_before_hostname, sizeof(tag_before_hostname));
@@ -1300,18 +1267,6 @@ UINT StMakeOpenVpnConfigFile(ADMIN *a, RPC_READ_LOG_FILE *t)
"$CA$", x_buf->Buf, false);
}
- if (dummy_x_buf != NULL)
- {
- ReplaceStrEx((char *)config_l3_buf->Buf, config_l3_buf->Size, (char *)config_l3_buf->Buf,
- "$CERT$", dummy_x_buf->Buf, false);
- }
-
- if (dummy_k_buf != NULL)
- {
- ReplaceStrEx((char *)config_l3_buf->Buf, config_l3_buf->Size, (char *)config_l3_buf->Buf,
- "$KEY$", dummy_k_buf->Buf, false);
- }
-
Format(name_tmp, sizeof(name_tmp), "%sopenvpn_remote_access_l3.ovpn", my_hostname);
ZipAddFileSimple(p, name_tmp, LocalTime64(), 0, config_l3_buf->Buf, StrLen(config_l3_buf->Buf));
@@ -1332,18 +1287,6 @@ UINT StMakeOpenVpnConfigFile(ADMIN *a, RPC_READ_LOG_FILE *t)
"$CA$", x_buf->Buf, false);
}
- if (dummy_x_buf != NULL)
- {
- ReplaceStrEx((char *)config_l2_buf->Buf, config_l2_buf->Size, (char *)config_l2_buf->Buf,
- "$CERT$", dummy_x_buf->Buf, false);
- }
-
- if (dummy_k_buf != NULL)
- {
- ReplaceStrEx((char *)config_l2_buf->Buf, config_l2_buf->Size, (char *)config_l2_buf->Buf,
- "$KEY$", dummy_k_buf->Buf, false);
- }
-
Format(name_tmp, sizeof(name_tmp), "%sopenvpn_site_to_site_bridge_l2.ovpn", my_hostname);
ZipAddFileSimple(p, name_tmp, LocalTime64(), 0, config_l2_buf->Buf, StrLen(config_l2_buf->Buf));
@@ -1364,13 +1307,6 @@ UINT StMakeOpenVpnConfigFile(ADMIN *a, RPC_READ_LOG_FILE *t)
FreeBuf(readme_pdf_buf);
FreeBuf(x_buf);
- FreeX(dummy_x);
- FreeK(dummy_private_k);
- FreeK(dummy_public_k);
-
- FreeBuf(dummy_k_buf);
- FreeBuf(dummy_x_buf);
-
Free(zero_buffer);
}
diff --git a/src/bin/hamcore/openvpn_sample.ovpn b/src/bin/hamcore/openvpn_sample.ovpn
index 83bc3df3..6ded2bf7 100644
--- a/src/bin/hamcore/openvpn_sample.ovpn
+++ b/src/bin/hamcore/openvpn_sample.ovpn
@@ -100,6 +100,12 @@ persist-key
persist-tun
client
verb 3
+
+###############################################################################
+# Authentication with credentials.
+#
+# Comment the line out in case you want to use the certificate authentication.
+
auth-user-pass
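Review bot: The added comment `# Comment the line out in case you want to use the certificate authentication.` never names the directive it refers to, and a blank line separates it from `auth-user-pass`, so a reader has to guess which line is meant. Naming it removes the guesswork: `# Comment out the "auth-user-pass" line below if you want to use certificate authentication instead.` The comment could also say whether certificate authentication replaces the username/password prompt or is used together with it, since the two choices give different client behaviour.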
@@ -117,21 +123,22 @@ $CA$
###############################################################################
-# The client certificate file (dummy).
+# Client certificate and key.
#
-# In some implementations of OpenVPN Client software
-# (for example: OpenVPN Client for iOS),
-# a pair of client certificate and private key must be included on the
-# configuration file due to the limitation of the client.
-# So this sample configuration file has a dummy pair of client certificate
-# and private key as follows.
-
-
-$CERT$
-
-
-
-$KEY$
-
+# A pair of client certificate and private key is required in case you want to
+# use the certificate authentication.
+#
+# To enable it, uncomment the lines below.
+# Paste your certificate in the block and the key in the one.
+;
+;-----BEGIN CERTIFICATE-----
+;
+;-----END CERTIFICATE-----
+;
+;
+;-----BEGIN RSA PRIVATE KEY-----
+;
+;-----END RSA PRIVATE KEY-----
+;
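Review bot: The instruction `# Paste your certificate in the block and the key in the one.` names neither block, and the commented lines around the PEM markers appear here as bare `;`. If the `<cert>`/`<key>` inline tags were only lost in rendering, the sentence should still name them: `# Paste your certificate inside <cert> and your private key inside <key>.` The pre-printed `;-----BEGIN RSA PRIVATE KEY-----` markers also fix one key format, so a user who pastes a complete PEM file, or a key with a different PEM header, ends up with duplicated or mismatched markers; an empty block with a one-line placeholder comment avoids that. Once a private key is pasted, the profile itself becomes credential material, which the header should state, for example `# This file then contains a private key: restrict its permissions and do not share it.`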