On Mon, 15 Jan 2024 08:41:16 +0000, Peter Davis via Openvpn-users <openvpn-users@lists.sourceforge.net> wrote:
>Yes, but shouldn't you copy the following files for each client?
>
># cp pki/ca.crt /etc/openvpn/client/
># cp pki/issued/client.crt /etc/openvpn/client/
># cp pki/private/client.key /etc/openvpn/client/
>
>And create an .ovpn file for each client with the contents of the above files!

I fail to understand why you are going on about the client side being *shared* among clients.
It makes it impossible to distinguish between the users and you have to set up the system to allow concurrent use of the same "client" even though they are NOT the same....

It is simply not how OpenVPN was designed to be used AFAICT.

That said, I suggest you do as I have done and write a script file that does all of the needed things for creation of a new client with its needed client.ovpn file.

I have done so and I simply issue this for any new client:

./MakeOVPN3 ClientName [N|P]

The argument following the client name controls whether the client needs to enter a password on connection or not. Default is with password check.

The thing you need to make sure you manage is the ClientName, which is a unique CommonName for *each* client. All certs etc created will be named using this CN.

And you need to create a template file containing the client conf commands to be used when building the ovpn file.

What my script does is this:
- Check input arguments including that the client name does not already exist
- Request the client password if P was set
- Print a confirmation message before starting the job

Commands to create files:
- easyrsa --passin=pass:$CLIENT_PWD --passout=pass:$CLIENT_PWD build-client-full $CLIENTNAME
  or if no password is needed:
- easyrsa --nopass build-client-full $CLIENTNAME
- Check that the public cert and key exist
- Check that the tls-auth key exists
- Create the ovpn file by concatenating:
  the default conf file + CA cert + client cert + client key + tls-auth key
- Finally make the ovpn file usable on Windows by running unix2dos on it
- Write the Client Common Name + the password to a log file
- Copy the ovpn file to a directory where all are stored.

By doing this script correctly once you can then produce many client ovpn files rapidly.

-- 
Bo Berglund
Developer in Sweden
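
The file checks and concatenation step listed in the message above, sketched as an added example; it is not Bo Berglund's MakeOVPN3 script and it leaves out the easyrsa call and the password log. Assumptions: the pki/ layout quoted in the thread, OpenVPN's inline <ca>/<cert>/<key>/<tls-auth> blocks as the way to concatenate, awk standing in for unix2dos, and the hypothetical function names pem_only and build_ovpn.

```shell
#!/bin/sh
# Added example: build one per-client .ovpn profile from existing Easy-RSA output.
# Assumed layout: $PKI/ca.crt, $PKI/issued/<CN>.crt, $PKI/private/<CN>.key.
# Directives such as key-direction belong in the template file.

pem_only() {  # keep only the BEGIN..END block; issued certs may start with a text dump
    sed -n '/-----BEGIN /,/-----END /p' "$1"
}

build_ovpn() {  # usage: build_ovpn CN PKI_DIR TEMPLATE TA_KEY OUT_DIR
    cn=$1 pki=$2 tmpl=$3 ta=$4 out=$5
    # The CN becomes part of file paths, so accept only a safe character set.
    case $cn in
        ''|.*|*[!A-Za-z0-9_.-]*) echo "invalid client name" >&2; return 2 ;;
    esac
    dest="$out/$cn.ovpn"
    # One profile per unique CN: never overwrite an existing client.
    if [ -e "$dest" ]; then echo "client $cn already exists" >&2; return 3; fi
    for f in "$tmpl" "$pki/ca.crt" "$pki/issued/$cn.crt" "$pki/private/$cn.key" "$ta"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 4; }
    done
    # The profile embeds the private key, so create it owner-readable only.
    ( umask 077
      {
        cat "$tmpl"
        printf '<ca>\n';       pem_only "$pki/ca.crt";          printf '</ca>\n'
        printf '<cert>\n';     pem_only "$pki/issued/$cn.crt";  printf '</cert>\n'
        printf '<key>\n';      pem_only "$pki/private/$cn.key"; printf '</key>\n'
        printf '<tls-auth>\n'; pem_only "$ta";                  printf '</tls-auth>\n'
      } | awk '{ sub(/\r$/, ""); printf "%s\r\n", $0 }' > "$dest"  # CRLF line ends
    ) || return 5
    echo "$dest"
}
```

Because each profile carries its own private key, the output directory deserves the same protection as pki/private/.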