>On Saturday, January 13th, 2024 at 3:26 PM, Gert Doering <g...@greenie.muc.de> 
>wrote:


> Hi,
> 
> On Thu, Jan 11, 2024 at 07:35:13PM +0000, Peter Davis wrote:
> 
> > > Abandon that thought. We've been here before: you need unique keys per
> > > user, everything else will just make your life painful and miserable.
> > 
> > If each user has their own key, then there should be a Client.conf file for 
> > each user, which itself contains a unique IP address, a unique port and a 
> > unique TUN. For example, for 100 users, there are 100 configuration files, 
> > 100 IP addresses, 100 open ports and 100 TUNs.
> 
> 
> OpenVPN Server is point-to-multipoint, so a single server can easily
> handle 1000s of clients.
> 
> You need a unique key+cert per client, which form a unique client config
> (everything not key/cert related stays the same, though). Nothing else
> needs to be maintained per-client, the server will do that all for you.
> 
> With a single TUN.
> 
> gert
> 
> --
> "If was one thing all people took for granted, was conviction that if you
> feed honest figures into a computer, honest figures come out. Never doubted
> it myself till I met a computer with a sense of humor."
> Robert A. Heinlein, The Moon is a Harsh Mistress
> 
> Gert Doering - Munich, Germany g...@greenie.muc.de

Hi,
You said "You need a unique key+cert per client, which form a unique client 
config (everything *not* key/cert related stays the same, though).", are these 
unique keys generated for each client by the following commands?

./easyrsa gen-req <client name> nopass
./easyrsa sign-req client <client name>


_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Reply via email to