Openvpn howto question

#1 — posted by shwick (Light Poster), Nov 16th, 2008
I'm going through the openvpn howto, section "Configuring client-specific rules and access policies", http://openvpn.net/index.php/documen...to.html#policy.

I understand how the network is segregated, different subnets for employees, sys admins and contractors.

I don't understand how openvpn identifies a user as either an employee, sys admin or contractor.

Is that what the next section, "Using alternative authentication methods" deals with? Does it involve using the openvpn-auth-pam plugin?

I don't see where else openvpn could recognize a user, other than if the client built it into their certificate.

For example, is this how it works:

You log in with user sysadmin1 / some password via the openvpn-auth-pam plugin; openvpn recognizes the sysadmin1 user and invokes "ifconfig-push 10.8.1.1 10.8.1.2".
#2 — posted by williebens (Light Poster), Nov 23rd, 2008
Hello shwick:

There are two ways to authenticate users to a VPN server. One way is to do it with shared static keys. This method is the less secure of the two, and some people do not recommend it for production. The second and more secure method is via certificates. You create certificates for each client. The certificate, along with a password, is used to authenticate each client against your VPN server.

The process of creating certificates can be broken down into three steps:
1. Create your own Certificate Authority (CA) certificate.
2. Create an OpenVPN server certificate.
3. Generate client certificates.

Let me know how this goes, if you are still working on this.
I hope this helps.
Thanks.
--Willie
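For readers following the same HOWTO section, the piece that links the two replies is the OpenVPN "client config dir" mechanism: after the server has validated a client's certificate (issued by the CA from Willie's three steps), it looks for a file in the `client-config-dir` named after that certificate's Common Name, and that file is where `ifconfig-push` and similar per-client rules live. The fragment below is an added illustration and is not from the thread or from the OpenVPN project; the name `sysadmin1` and the addresses `10.8.1.1 10.8.1.2` are taken from shwick's post, the plugin path `/usr/lib/openvpn/openvpn-auth-pam.so` and the PAM service name `login` are assumptions that vary by distribution.

```conf
# --- server.conf (excerpt) ---
# Added illustration, not from the thread. The plugin path and PAM
# service name below are assumptions; sysadmin1 and 10.8.1.1/10.8.1.2
# come from post #1.

# After TLS succeeds, look up a per-client file named after the
# client certificate's X.509 Common Name (CN).
client-config-dir ccd

# Refuse clients that have no file under ccd/ instead of quietly
# handing them an address from the default pool. Without this, any
# certificate your CA ever signed still gets a generic connection.
ccd-exclusive

# Do NOT add "duplicate-cn" on a server that assigns role-based
# addresses: it lets two clients present the same CN and therefore
# share the same ccd rules.

# --- ccd/sysadmin1 ---
# The file name is the identity. It matches CN=sysadmin1 in the client
# certificate produced in step 3 of Willie's reply; an employee or
# contractor certificate with a different CN never reaches this file.
ifconfig-push 10.8.1.1 10.8.1.2

# --- server.conf addition when using openvpn-auth-pam instead ---
# With a username/password plugin, tell OpenVPN to use the PAM username
# rather than the certificate CN as the key for the ccd lookup, so a
# login as "sysadmin1" selects ccd/sysadmin1 exactly as post #1 guesses.
plugin /usr/lib/openvpn/openvpn-auth-pam.so login
username-as-common-name
```

The check worth doing on a server like this is to list `ccd/` and confirm every file name corresponds to exactly one certificate your CA has issued (or one PAM account, if `username-as-common-name` is in use); a stale file for a revoked or renamed identity is a per-client policy waiting to be claimed by whoever next presents that name.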
Source: DaniWeb *nix Software Forum. ©2003 - 2009 DaniWeb® LLC