On Tue, 16 Jan 2024 07:10:02 +0000, Peter Davis via Openvpn-users <openvpn-users@lists.sourceforge.net> wrote:
>>> On Mon, Jan 15, 2024 at 04:35:40PM +0000, Peter Davis wrote:
>>>>
>>>> <snip>
>>>>
>>>> If so, why is there a directory named "client" under /etc/openvpn/
>>>> directory?
>>
>> The /etc/openvpn/client directory is intended for use of client openvpn
>> configuration files.
>> Specifically, for use with systemd.
>> You will need to familiarise yourself with systemd to continue.

+1

>>
>> I believe openvpn have a little systemd integration documentation, somewhere
>> ..
>>
>> YMMV
>> tct
>
> Hi,
> Thanks again.
> So, if I delete the client keys from the OpenVPN server, the clients can still
> connect to the server.
>
> 1- Is "pki/ca.crt" unique for each client?
>
> 2- You said that if I use authentication based on username and password, then
> two people cannot connect to the server at the same time with the same
> username and password. Is this possible if each client has its own unique
> key? For example, if I generate a client key and share it with 100 people
> and connect the OpenVPN server to Active Directory, and the clients use the
> username and password defined in Active Directory to connect to the OpenVPN
> server for authentication, then two people cannot connect to the server at
> the same time with the same username and password?

Why can't you just use the system as designed?

There are 2 dirs in /etc/openvpn named client and server respectively.

The server dir is where the conf files for the server functionality reside.
Each conf file there represents a server instance, which must be defined with
a different port number in order for it to work.

The client dir is where you keep conf files for OTHER OpenVPN servers you want
the server itself to connect to as a client. Not usually used on a server, but
when you install openvpn on a Linux machine it sets it up to be either a
server or a client (or both) by these two locations of the conf files.

And it is not, as you propose, that you use a login consisting of username +
password; when a password is mentioned here, it is the decryption password of
the client ovpn file. The ovpn file itself contains an encrypted username (the
Common Name), which is what is used as the identifier upon login and can be
used to reject logins via a ccd dir entry, as I described earlier.

NOTE: If you are reading old howto pages on the Internet then you might get
confused, because back then the client and server dirs were not used by
default... Please check the date of any HOWTO you read; if they are older than
a couple of years they may contain old stale advice.

--
Bo Berglund
Developer in Sweden

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
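An added example, not code from the thread or from the OpenVPN project, that audits the /etc/openvpn/server layout Bo describes: each name.conf there becomes one openvpn-server@name systemd instance and needs its own proto/port pair, and a ccd/CommonName file holding "disable" rejects that client. The directory tree, unit-name mapping and CN are constructed here for illustration; it runs in a temp dir rather than the real /etc/openvpn.

```shell
#!/bin/sh
# Added example, not from the thread. Audits a server conf dir as the systemd
# layout reads it: <name>.conf -> openvpn-server@<name>.service, each needing
# its own proto/port pair. Runs on a constructed temp dir, not /etc/openvpn.

# Print "<unit> <proto>/<port>" for every server conf in the directory.
list_instances() {
    for conf in "$1"/*.conf; do
        [ -f "$conf" ] || continue
        name=$(basename "$conf" .conf)
        # OpenVPN defaults when the directive is absent: port 1194, proto udp.
        port=$(awk '$1=="port"{p=$2} END{print (p?p:1194)}' "$conf")
        proto=$(awk '$1=="proto"{p=$2} END{print (p?p:"udp")}' "$conf")
        echo "openvpn-server@$name.service $proto/$port"
    done
}

# Return 0 if no two instances would bind the same proto/port, 1 otherwise.
check_ports() {
    dups=$(list_instances "$1" | awk '{print $2}' | sort | uniq -d)
    if [ -n "$dups" ]; then
        echo "conflicting listeners: $dups" >&2
        return 1
    fi
    return 0
}

# The client's Common Name is its identity; a ccd/<CN> file holding "disable"
# makes the server reject that client even though its key still validates.
cn_disabled() { grep -qx 'disable' "$1/ccd/$2" 2>/dev/null; }

# Constructed sample tree: two instances collide because extra.conf omits
# "port" and so silently falls back to udp/1194, the same as main.conf.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf 'port 1194\nproto udp\ndev tun\nclient-config-dir ccd\n' > "$demo_dir/main.conf"
printf 'port 443\nproto tcp\ndev tun\n' > "$demo_dir/tcp.conf"
printf 'dev tun\n' > "$demo_dir/extra.conf"
mkdir -p "$demo_dir/ccd"
echo disable > "$demo_dir/ccd/revoked-laptop"   # constructed CN

list_instances "$demo_dir"
check_ports "$demo_dir" || echo "fix the port assignments before enabling the units"
```

Point it at /etc/openvpn/server on a real host to see which unit each conf file becomes and whether any two would fight over a listener.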