> On Tuesday, January 16th, 2024 at 11:38 AM, Gert Doering
> wrote:
> Hi,
>
> On Tue, Jan 16, 2024 at 08:03:41AM +, Peter Davis wrote:
>
> > 1- You said "I said that OpenVPN will (by default) disallow multiple logins
> > with the same client key+cert.", so if I generate a client key usin
Hi,
On Tue, Jan 16, 2024 at 08:03:41AM +, Peter Davis wrote:
> 1- You said "I said that OpenVPN will (by default) disallow multiple logins
> with the same client key+cert.", so if I generate a client key using the
> commands below, then I can't use this key on multiple devices at the same
>
> On Tuesday, January 16th, 2024 at 10:59 AM, Gert Doering
> wrote:
> Hi,
>
> On Tue, Jan 16, 2024 at 07:10:02AM +, Peter Davis via Openvpn-users wrote:
>
> > Hi,
> > Thanks again.
> > So, if I delete the client keys from the OpenVPN server,
> > the clients can still connect to the server
Hi,
On Tue, Jan 16, 2024 at 07:10:02AM +, Peter Davis via Openvpn-users wrote:
> Hi,
> Thanks again.
> So, if I delete the client keys from the OpenVPN server,
> the clients can still connect to the server.
Yes.
> 1- Is "pki/ca.crt" unique for each client?
No. This is the CA's certificate
On Tue, 16 Jan 2024 07:10:02 +, Peter Davis via Openvpn-users
wrote:
>> > On Mon, Jan 15, 2024 at 04:35:40PM +, Peter Davis wrote:
>>
>>
>>
>>
>> > > If so, why is there a directory named "client" under /etc/openvpn/
>> > > directory?
>>
>>
>> The /etc/openvpn/client directory is i
>On Tuesday, January 16th, 2024 at 5:02 AM, tincantech
> wrote:
> Hi,
>
>
>
> On Monday, January 15th, 2024 at 4:40 PM, Gert Doering g...@greenie.muc.de
> wrote:
>
>
>
> > Hi,
> >
> > On Mon, Jan 15, 2024 at 04:35:40PM +, Peter Davis wrote:
>
>
Hi,
On Monday, January 15th, 2024 at 4:40 PM, Gert Doering
wrote:
> Hi,
>
> On Mon, Jan 15, 2024 at 04:35:40PM +, Peter Davis wrote:
>
>
> > If so, why is there a directory named "client" under /etc
Hi,
On Mon, Jan 15, 2024 at 04:35:40PM +, Peter Davis wrote:
> So, if the client's keys are not present in the OpenVPN server, then
> the client can connect to the server?
Yes. Textbook, X.509 certificates, PKI infrastructure.
> If so, why is there a directory named "client" under /etc/ope
>On Monday, January 15th, 2024 at 5:14 PM, Gert Doering
>wrote:
> Hi,
>
> On Mon, Jan 15, 2024 at 08:41:16AM +, Peter Davis wrote:
>
> > Yes, but shouldn't you copy the following files for each client?
> >
> > # cp pki/ca.crt /etc/openvpn/client/
> > # cp pki/issued/client.crt /etc/openv
Hi,
On Mon, Jan 15, 2024 at 08:41:16AM +, Peter Davis wrote:
> Yes, but shouldn't you copy the following files for each client?
>
> # cp pki/ca.crt /etc/openvpn/client/
> # cp pki/issued/client.crt /etc/openvpn/client/
> # cp pki/private/client.key /etc/openvpn/client/
No. These files do not
On Mon, 15 Jan 2024 08:41:16 +, Peter Davis via Openvpn-users
wrote:
>Yes, but shouldn't you copy the following files for each client?
>
># cp pki/ca.crt /etc/openvpn/client/
># cp pki/issued/client.crt /etc/openvpn/client/
># cp pki/private/client.key /etc/openvpn/client/
>
>And create an .o
>On Monday, January 15th, 2024 at 10:51 AM, Gert Doering
>wrote:
> Hi,
>
> On Mon, Jan 15, 2024 at 06:25:38AM +, Peter Davis via Openvpn-users wrote:
>
> > Thanks again.
> > Should I run the following commands for each client?
> >
> > $ ./easyrsa gen-req nopass
> > $ ./easyrsa sign-req
Hi,
On Mon, Jan 15, 2024 at 06:25:38AM +, Peter Davis via Openvpn-users wrote:
> Thanks again.
> Should I run the following commands for each client?
>
> $ ./easyrsa gen-req nopass
> $ ./easyrsa sign-req client
Sounds plausible (I'm not using current easy-rsa, but that's the normal
order o
>On Saturday, January 13th, 2024 at 3:26 PM, Gert Doering
>wrote:
> Hi,
>
> On Thu, Jan 11, 2024 at 07:35:13PM +, Peter Davis wrote:
>
> > > Abandon that thought. We've been here before: you need unique keys per
> > > user, everything else will just make your life painful and miserable.
>
>On Friday, January 12th, 2024 at 12:04 AM, Jochen Bern
>wrote:
> On 11.01.24 20:35, Peter Davis via Openvpn-users wrote:
>
> > On Wednesday, January 10th, 2024 at 11:25 AM, Gert Doering
> > g...@greenie.muc.de wrote:
> >
> > > On Wed, Jan 10, 2024 at 07:53:35AM +, Peter Davis wrote:
> >
On Sat, 13 Jan 2024 12:56:41 +0100, Gert Doering wrote:
>Hi,
>
>On Thu, Jan 11, 2024 at 07:35:13PM +, Peter Davis wrote:
>>> Abandon that thought. We've been here before: you need unique keys per
>>> user, everything else will just make your life painful and miserable.
>>
>> If each user has
Hi,
On Thu, Jan 11, 2024 at 07:35:13PM +, Peter Davis wrote:
> > Abandon that thought. We've been here before: you need unique keys per
> > user, everything else will just make your life painful and miserable.
>
> If each user has their own key, then there should be a Client.conf file for
> e
On 11.01.24 20:35, Peter Davis via Openvpn-users wrote:
On Wednesday, January 10th, 2024 at 11:25 AM, Gert Doering
wrote:
On Wed, Jan 10, 2024 at 07:53:35AM +, Peter Davis wrote:
True, but I don't want to create a key for each employee in the department.
Abandon that thought. We've been
>On Wednesday, January 10th, 2024 at 11:25 AM, Gert Doering
> wrote:
> Hi
>
> On Wed, Jan 10, 2024 at 07:53:35AM +, Peter Davis wrote:
>
> > True, but I don't want to create a key for each employee in the department.
>
>
> Abandon that thought. We've been here before: you need unique key
>
> 2- The Active Directory server is located inside the company, and if users
> want to connect to the OpenVPN server from outside the company, then how is
> authentication done?
>
VPN authentication is done by your OpenVPN server. As long as the server
has access to the AD, it does not matter wh
Hi
On Wed, Jan 10, 2024 at 07:53:35AM +, Peter Davis wrote:
> True, but I don't want to create a key for each employee in the department.
Abandon that thought. We've been here before: you need unique keys per
user, everything else will just make your life painful and miserable.
gert
--
"If
>On Tuesday, January 9th, 2024 at 4:25 PM, Gert Doering
>wrote:
> Hi,
>
> On Tue, Jan 09, 2024 at 11:33:22AM +, Peter Davis wrote:
>
> > > What do you mean by "revoke the key of one department"? This question does
> > > not make much sense, since there is no per-department key, if you do
Hi,
On Tue, Jan 09, 2024 at 11:33:22AM +, Peter Davis wrote:
> > What do you mean by "revoke the key of one department"? This question does
> > not make much sense, since there is no per-department key, if you do not
> > have per-department servers.
>
> In your company, you have 3 departments.
On 09.01.24 12:33, Peter Davis via Openvpn-users wrote:
An employee in the supervision department shares a key with someone
outside the company, and you want to block access to the server
through that key. You must revoke the certificate of the supervision
department. If each department has its o
>On Tuesday, January 9th, 2024 at 2:47 PM, Gert Doering
>wrote:
> Hi,
>
> On Tue, Jan 09, 2024 at 11:14:26AM +, Peter Davis wrote:
>
> > 1- So, by using --auth-user-pass I can prevent excessive access to the
> > server.
>
>
> That depends on your definition of "excessive" and "prevent"
Hi,
On Tue, Jan 09, 2024 at 11:14:26AM +, Peter Davis wrote:
> 1- So, by using --auth-user-pass I can prevent excessive access to the server.
That depends on your definition of "excessive" and "prevent", but it
gives you more control on who can login, and when.
> 2- I want each department to
>On Tuesday, January 9th, 2024 at 2:02 PM, Gert Doering
>wrote:
> Hi,
>
> On Tue, Jan 09, 2024 at 10:25:13AM +, Peter Davis wrote:
>
> > 1- Assuming that a user shares his\her username and password with
> > others in addition to the keys, then using --auth-user-pass, can
> > two users wit
Hi,
On Tue, Jan 09, 2024 at 10:25:13AM +, Peter Davis wrote:
> 1- Assuming that a user shares his\her username and password with
> others in addition to the keys, then using --auth-user-pass, can
> two users with the same username and password connect to the server
> at the same time?
No, bec
>On Tuesday, January 9th, 2024 at 1:45 PM, Gert Doering
>wrote:
> Hi,
>
> On Tue, Jan 09, 2024 at 10:06:33AM +, Peter Davis wrote:
>
> > I'd like to use something like a MAC address filtering mechanism, but that
> > would require scripting and I don't know how to do that. I want no one t
Hi,
On Tue, Jan 09, 2024 at 10:06:33AM +, Peter Davis wrote:
> I'd like to use something like a MAC address filtering mechanism, but that
> would require scripting and I don't know how to do that. I want no one to be
> able to connect to the OpenVPN server without permission.
If a user has
>On Tuesday, January 9th, 2024 at 11:33 AM, Gert Doering
>wrote:
> Hi,
>
> On Tue, Jan 09, 2024 at 07:20:24AM +, Peter Davis wrote:
>
> > 1- So one of the benefits of using LDAP mechanism is that two users cannot
> > use the OpenOne server at the same time? I mean using openvpn-auth-ldap
Hi,
On Tue, Jan 09, 2024 at 07:20:24AM +, Peter Davis wrote:
> 1- So one of the benefits of using LDAP mechanism is that two users cannot
> use the OpenOne server at the same time? I mean using openvpn-auth-ldap
> package.
I fail to understand this question.
> 2- Regarding the third questi
>On Sunday, January 7th, 2024 at 3:50 PM, Gert Doering
>wrote:
> Hi,
>
> On Sun, Dec 31, 2023 at 09:07:09PM +, Peter Davis wrote:
>
> > 1- How can I find out if a user has shared the key with others?
>
>
> You can't, unless you combine the VPN connect with some other auth
> mechanism ("
> On Sunday, January 7th, 2024 at 3:50 PM, Gert Doering
> wrote:
> Hi,
>
> On Sun, Dec 31, 2023 at 09:07:09PM +, Peter Davis wrote:
>
> > 1- How can I find out if a user has shared the key with others?
>
>
> You can't, unless you combine the VPN connect with some other auth
> mechanism
Hi,
On Sun, Dec 31, 2023 at 05:43:52PM +, Peter Davis via Openvpn-users wrote:
> How can I limit the number of users based on a key? For example, only 10
> users can use a key at the same time.
No way to do that inside openvpn. You need to do something in --client-connect
script (or plugin)
35 matches