Linux OpenVPN
The following section describes how to configure OpenVPN on Rocky Linux 9.1 through 9.3 with an Idem Key, TrustKey G310, or YubiKey 5 NFC FIPS.
OpenVPN using a .p12 file loaded onto a Security Key is similar to regular OpenVPN on a Linux terminal. However, the client configuration file will be slightly different. It will look similar to this:

    client
    dev tun
    proto tcp
    remote 192.168.1.1 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    comp-lzo
    verb 4
    auth-nocache
    cipher AES-256-GCM
    tls-auth ta.key 1
    ca cacert.pem
    pkcs11-providers /usr/lib64/libGTTknP11.so.2.3
    pkcs11-id 'GoTrustID\x20Inc\x2E/Idem\x20Key\x2DPKI/0810013080100003/Idem\x20Key\x20Plus/EDF5B963AA8B0C84F763B98C30D5019FB64B2DE5'

Notice at the bottom that there is a pkcs11-providers field and a pkcs11-id field. These two fields and their contents will cause the OpenVPN client to request authentication using a specific Security Key.

The value for pkcs11-id can be listed from the connected Security Key with:

    sudo openvpn --show-pkcs11-ids /path/to/libGTTknP11.so.2.3

If the ID that this command gives you is not in the same format as the pkcs11-id above, you may have to use a different version of OpenVPN to get it. OpenVPN 2.3.18 was used to get the above ID.
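As an added example (not part of this page's instructions and not a vendor or OpenVPN tool), the following Python script reads a client configuration like the one above, splits the serialized pkcs11-id into its components, decodes the \xHH escapes so the token can be recognised by eye, and flags the mistakes that most often stop the key from being found, such as a relative pkcs11-providers path or a pkcs11-id with the wrong number of fields. It assumes the field layout manufacturer/model/serial/token label/certificate id (hex) that the example ID on this page follows; the sample configuration embedded in it is constructed for the demonstration.

```python
"""Sanity-check an OpenVPN client config that authenticates with a PKCS#11
security key (added example; the sample config below is constructed)."""
import re
import sys
from pathlib import Path

# Constructed sample config, mirroring the one shown on this page.
SAMPLE_CONFIG = r"""
client
dev tun
proto tcp
remote 192.168.1.1 1194
auth-nocache
cipher AES-256-GCM
tls-auth ta.key 1
ca cacert.pem
pkcs11-providers /usr/lib64/libGTTknP11.so.2.3
pkcs11-id 'GoTrustID\x20Inc\x2E/Idem\x20Key\x2DPKI/0810013080100003/Idem\x20Key\x20Plus/EDF5B963AA8B0C84F763B98C30D5019FB64B2DE5'
""".strip()

# Assumed layout of the serialized ID (as in the example on this page):
# manufacturer/model/serial/token label/certificate id, with characters that
# are not safe in that string written as \xHH escapes.
ID_FIELDS = ("manufacturer", "model", "serial", "token_label", "cert_id")
ESCAPE = re.compile(r"\\x([0-9A-Fa-f]{2})")


def parse_config(text):
    """Return {option: argument string} for an OpenVPN config, skipping comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        name, _, arg = line.partition(" ")
        arg = arg.strip()
        # pkcs11-id is normally single-quoted so OpenVPN keeps the backslashes
        if len(arg) >= 2 and arg[0] == arg[-1] and arg[0] in "'\"":
            arg = arg[1:-1]
        opts[name] = arg
    return opts


def unescape(field):
    r"""Turn \xHH escapes back into characters (r'\x20' -> ' ')."""
    return ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), field)


def parse_pkcs11_id(serialized):
    """Split a serialized pkcs11-id into its named, decoded parts."""
    parts = serialized.split("/")  # a '/' inside a field would itself be escaped
    if len(parts) != len(ID_FIELDS):
        raise ValueError(f"expected {len(ID_FIELDS)} '/'-separated fields, got {len(parts)}")
    rec = dict(zip(ID_FIELDS, map(unescape, parts)))
    if not re.fullmatch(r"[0-9A-Fa-f]+", rec["cert_id"]):
        raise ValueError("certificate id is not hexadecimal")
    return rec


def check_config(text, check_files=False):
    """Return a list of problems; an empty list means the PKCS#11 lines look sane."""
    opts = parse_config(text)
    problems = []
    provider = opts.get("pkcs11-providers")
    if provider is None:
        problems.append("pkcs11-providers is missing")
    elif not provider.startswith("/"):
        problems.append(f"pkcs11-providers should be an absolute path: {provider}")
    elif check_files and not Path(provider).is_file():
        problems.append(f"pkcs11-providers library not found: {provider}")
    ident = opts.get("pkcs11-id")
    if ident is None:
        problems.append("pkcs11-id is missing")
    else:
        try:
            parse_pkcs11_id(ident)
        except ValueError as exc:
            problems.append(f"pkcs11-id is malformed: {exc}")
    return problems


if __name__ == "__main__":
    # Usage: python check_pkcs11_config.py [client.ovpn]; defaults to the sample.
    text = Path(sys.argv[1]).read_text() if len(sys.argv) > 1 else SAMPLE_CONFIG
    for name, value in parse_pkcs11_id(parse_config(text)["pkcs11-id"]).items():
        print(f"{name:12} {value}")
    for problem in check_config(text, check_files=len(sys.argv) > 1):
        print("PROBLEM:", problem)
```

Run it against a real client.ovpn to see the decoded manufacturer, model, serial and token label before connecting; with a file argument it also verifies that the PKCS#11 library path in pkcs11-providers actually exists on the machine.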