>On Saturday, January 13th, 2024 at 3:26 PM, Gert Doering <g...@greenie.muc.de> >wrote:
> Hi, > > On Thu, Jan 11, 2024 at 07:35:13PM +0000, Peter Davis wrote: > > > > Abandon that thought. We've been here before: you need unique keys per > > > user, everything else will just make your life painful and miserable. > > > > If each user has their own key, then there should be a Client.conf file for > > each user, which itself contains a unique IP address, a unique port and a > > unique TUN. For example, for 100 users, there are 100 configuration files, > > 100 IP addresses, 100 open ports and 100 TUNs. > > > OpenVPN Server is point-to-multipoint, so a single server can easily > handle 1000s of clients. > > You need a unique key+cert per client, which form a unique client config > (everything not key/cert related stays the same, though). Nothing else > needs to be maintained per-client, the server will do that all for you. > > With a single TUN. > > gert > > -- > "If was one thing all people took for granted, was conviction that if you > feed honest figures into a computer, honest figures come out. Never doubted > it myself till I met a computer with a sense of humor." > Robert A. Heinlein, The Moon is a Harsh Mistress > > Gert Doering - Munich, Germany g...@greenie.muc.de Hi, You said "You need a unique key+cert per client, which form a unique client config (everything *not* key/cert related stays the same, though).", are these unique keys generated for each client by the following commands? ./easyrsa gen-req <client name> nopass ./easyrsa sign-req client <client name> _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
