> On Tuesday, January 9th, 2024 at 1:45 PM, Gert Doering <g...@greenie.muc.de> wrote:
> Hi,
>
> On Tue, Jan 09, 2024 at 10:06:33AM +0000, Peter Davis wrote:
>
> > I'd like to use something like a MAC address filtering mechanism, but that
> > would require scripting and I don't know how to do that. I want no one to
> > be able to connect to the OpenVPN server without permission.
>
> If a user has no key, they have no permission. If you give them a key,
> you have given them permission.
>
> If you want stronger auth, add --auth-user-pass and (for example) an LDAP
> backend, so users need to have a key and know a password.
>
> > 2- What's the solution? Should I generate one server key and multiple
> > client keys? Isn't it better if each department has its own server key?
>
> Do you have one server per department, or one server for all?
>
> It makes sense to have one server key per server, but whether or not
> that is "per department" depends on what you are trying to achieve.
>
> gert
> --
> "If was one thing all people took for granted, was conviction that if you
> feed honest figures into a computer, honest figures come out. Never doubted
> it myself till I met a computer with a sense of humor."
> Robert A. Heinlein, The Moon is a Harsh Mistress
>
> Gert Doering - Munich, Germany g...@greenie.muc.de

Hi,

1- Assuming that a user shares his/her username and password with others in addition to the keys, then using --auth-user-pass, can two users with the same username and password connect to the server at the same time?

2- One server for all departments.

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
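
The "key plus password" setup suggested in the thread, sketched as a server-side verification script. This is an added example, not code from the thread or from the OpenVPN project. The user table, the script path and the rule that the username must equal the certificate CN are assumptions. The rule goes one step beyond what the thread describes, so that a password only works together with the key issued to the same person.

```python
#!/usr/bin/env python3
"""Added example: verifier for OpenVPN's `auth-user-pass-verify ... via-file`.

Assumed server config (script path is hypothetical):
    script-security 2
    auth-user-pass-verify /etc/openvpn/verify_user.py via-file
"""
import hashlib
import hmac
import os
import sys

def hash_password(password: str, salt: bytes) -> bytes:
    # Slow salted hash so a leaked user table is costly to brute-force.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

# Constructed sample user table: username -> (salt, hash).
# A real deployment would query LDAP or a database here instead.
_SALT = b"constructed-salt"
USERS = {"alice": (_SALT, hash_password("correct horse", _SALT))}

def read_credentials(path: str) -> tuple[str, str]:
    # via-file: OpenVPN writes the username on line 1, the password on line 2.
    with open(path, encoding="utf-8") as fh:
        lines = fh.read().split("\n")
    if len(lines) < 2:
        raise ValueError("malformed credentials file")
    return lines[0], lines[1]

def verify(username: str, password: str, cert_cn: str, users=USERS) -> bool:
    # Always run the hash, even for unknown users, to keep timing uniform.
    salt, expected = users.get(username, (_SALT, b""))
    password_ok = hmac.compare_digest(hash_password(password, salt), expected)
    # Bind password to key: the username must match the client certificate CN.
    return password_ok and username in users and cert_cn == username

def main(argv, environ) -> int:
    # Exit status 0 accepts the client; any other status rejects it.
    if len(argv) != 2:
        return 1
    try:
        username, password = read_credentials(argv[1])
    except (OSError, ValueError):
        return 1
    # OpenVPN exports the verified certificate CN as `common_name`.
    return 0 if verify(username, password, environ.get("common_name", "")) else 1

if __name__ == "__main__":
    sys.exit(main(sys.argv, os.environ))
```
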