Nov 16th, 2008

Openvpn howto question

I'm going through the openvpn howto, section "Configuring client-specific rules and access policies", http://openvpn.net/index.php/documen...to.html#policy.

I understand how the network is segregated, different subnets for employees, sys admins and contractors.

I don't understand how openvpn identifies a user as either an employee, sys admin or contractor.

Is that what the next section, "Using alternative authentication methods" deals with? Does it involve using the openvpn-auth-pam plugin?

I don't see where else openvpn could recognize a user, other than if the client built it into their certificate.

For example, is this how it works:

You log in with user sysadmin1 / some password via the openvpn-auth-pam plugin, openvpn recognizes the sysadmin1 user and invokes "ifconfig-push 10.8.1.1 10.8.1.2".
shwick
Nov 23rd, 2008

Re: Openvpn howto question

Hello shwick:

There are two ways to authenticate users to a vpn server. One way is to do it by shared-static keys. This method is the less secure of the two, and some people do not recommend it for production. The second and more secure method is via certificates. You create certificates for each client. The certificate, along with a password, is used to authenticate each client against your vpn server.

The process of creating certificates can be broken down into three steps:
1. Create your own Certificate Authority (CA) certificate.
2. Create an OpenVPN server certificate.
3. Generate client certificates.

Let me know how this goes, if you are still working on this.
I hope this helps.
Thanks.
--Willie
williebens
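
The three certificate steps above, tied back to the original question, as an added example that is not part of either post: OpenVPN's `client-config-dir` option looks up a per-client file named after the Common Name in the client's certificate, so the name issued in step 3 is what selects the `ifconfig-push` rule. The names `demo-ca` and `vpn-server` and the temporary directory are constructed for the demo; `sysadmin1` and the addresses are the ones quoted in the question.

```shell
#!/bin/sh
# Added example. Demo PKI only: keys are left unencrypted (-nodes) and no
# key-usage extensions are set; a production CA key would be passphrase-protected.
set -e

# issue_cert <workdir> <common-name>: make a key and CSR, sign it with the CA.
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 30 -out "$1/$2.crt" 2>/dev/null
}

# cert_cn <cert>: print the subject Common Name, the value the server
# matches against file names in its client-config-dir.
cert_cn() {
    openssl x509 -in "$1" -noout -subject | sed -n 's/.*CN *= *//p'
}

# build_demo <workdir>: run the three steps, then write the per-client rule.
build_demo() {
    mkdir -p "$1/ccd"
    # 1. Self-signed CA certificate (constructed name: demo-ca)
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=demo-ca" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
    # 2. Server certificate (constructed name: vpn-server)
    issue_cert "$1" vpn-server
    # 3. Client certificate; the CN is the identity the server will see
    issue_cert "$1" sysadmin1
    # Only certificates that chain to this CA are accepted
    openssl verify -CAfile "$1/ca.crt" "$1/sysadmin1.crt" >/dev/null
    # Per-client rule: the file name must equal the certificate CN.
    # server.conf side: "client-config-dir ccd" and "route 10.8.1.0 255.255.255.0"
    cn=$(cert_cn "$1/sysadmin1.crt")
    echo "ifconfig-push 10.8.1.1 10.8.1.2" > "$1/ccd/$cn"
}

work=$(mktemp -d)
build_demo "$work"
echo "client CN:     $(cert_cn "$work/sysadmin1.crt")"
echo "ccd/sysadmin1: $(cat "$work/ccd/sysadmin1")"
rm -rf "$work"
```

Because the CN is signed by the CA, a client cannot pick another group's rule file without holding that client's private key, which is why each person needs an individually issued certificate.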
