Hi,
On Fri, Apr 1, 2016 at 12:13 PM, Kapetanakis Giannis <[email protected]
.gr> wrote:
> Hi,
>
> Is there an option (i can't find on man) that will allow admin to
> restrict access to certain users?
>
There are several ways to do this:
(i) --tls-verify verify.sh
In verify.sh you could check the common name against a list and deny access
(ii) --auth-user-pass-verify verify.sh
maybe used similarly but with username/password. For this to work without
having the clients
to actually send username/password, also add
--auth-user-pass-optional
and use common-name to identify the client. One advantage of (ii) over (i)
is that it can optionally support username/password authentication.
(iii) --management-client-auth
This needs a verify script that will connect via the management interface
and handle auth requests from openvpn.
May be combined with "--auth-user-pass-optional" and has an advantage that
a custom error message may be sent back to the client.
Though (i) and (ii) are easier to implement, (iii) is the only way I know
that supports a customized failure message.
Selva
------------------------------------------------------------------------------
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785471&iu=/4140
_______________________________________________
Openvpn-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-users
