Hi Marine, Marine B wrote: > Thanks for your answers, > > @Jan: so far we are using radius with client-cert-not-required, but we > will need two instance using the radius(one with higher privileges) > that's why I wanted to had something on top of the radius that we will > only give to those who are allowded to have higher privileges > > @Greg: That could be a solution, thank you > > Otherwise, I thought about using tls-auth (I know that it's not > supposed to be used this way) on the privileged instance. > for the higher privileged clients you could use certificates - adding 'client-cert-not-required' does not mean you cannot use certificates at all. The higher privileged clients can then be checked/verified using the appropriate client-connect/tls-verify and/or radius authZ check.
HTH, JJK > 2015-02-16 9:15 GMT+01:00 Gert Doering <[email protected] > <mailto:[email protected]>>: > > Hi, > > On Mon, Feb 16, 2015 at 08:48:11AM +0100, Marine B wrote: > > I would like to know if it is possible to use openvpn with a radius > > authentification > > Yes. > > > and a pre shared key for multiple user. I read that pre > > shared key can only be used for one connection (one client, one > server). > > Pre-Shared-Key is only valid for peer-to-peer use, not for > client-to-server > (multipoint). > > You can use the same certificate for all clients, though, if you > enable > --duplicate-cn on the server. > > gert > ------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk _______________________________________________ Openvpn-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-users
