------- Original Message -------
On Monday, August 14th, 2023 at 14:13, Jason Long via Openvpn-users 
<openvpn-users@lists.sourceforge.net> wrote:


> Hello,
> To increase the security of OpenVPN, I want to use the ccd-exclusive.

--ccd-exclusive does not "increase the security of OpenVPN".
What it does is provide a server with a convenient way to temporarily
disable certain clients by client commonName.

This convenience means that the client certificate does not need to be
revoked.  And the client can have access to the server restored simply
by (re-)creating a CCD file.

--ccd-exclusive means that the server will ONLY allow clients access
if they have a CCD file in the folder configured by --client-connect-dir.



> I googled it, but I could not find a good example. I just found the following 
> question:
> 
> https://serverfault.com/questions/877201/limit-access-to-remote-server-via-particular-vpn

I strongly recommend that your search starts with the OpenVPN manual:
https://build.openvpn.net/man/openvpn-2.6/openvpn.8.html

EVERY option is described in the manual.



> But, I really don't know what to do.
> I must create a directory under the "/etc/openvpn", then create a file with 
> the name of clients in it? For example, if my Windows client host name is 
> "Client-1", then:
> 
> # mkdir /etc/openvpn/clients
> # touch /etc/openvpn/clients/Client-1
> 
> Then, in server.conf:
> 
> client-config-dir clients
> ccd-exclusive
> 
> Am I right?

Yes.

However, I strongly recommend that you learn the difference between
"absolute paths" versus "relative paths". (Out of scope for this mailing list.)



> How about the client configuration? Do I need to add anything?

No.

Do exactly as the manual (above) describes.

HTH
tct
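
The CCD condition discussed in this thread, as an added example that is not part of the original messages: a POSIX shell check that reads a server config, resolves a relative `client-config-dir` against the directory the daemon runs in, and tests whether a CCD file exists for a given certificate commonName. The function names, the temporary directory and the sample config are constructed for illustration; certificate validation and every other OpenVPN check are outside its scope.

```shell
#!/bin/sh
# Added example (not from the thread): check the CCD condition that ccd-exclusive enforces.

# Print the argument of the last uncommented occurrence of a directive.
conf_value() {   # conf_value <directive> <config>
    awk -v d="$1" '$1 == d { v = $2 } END { if (v != "") print v }' "$2"
}

# Resolve client-config-dir; a relative value is taken against <workdir>,
# the directory the daemon runs in (or its --cd directory).
ccd_dir() {      # ccd_dir <config> <workdir>
    dir=$(conf_value client-config-dir "$1")
    [ -n "$dir" ] || return 1
    case $dir in
        /*) printf '%s\n' "$dir" ;;
        *)  printf '%s\n' "$2/$dir" ;;
    esac
}

# Exit 0 if a client with this certificate commonName passes the CCD check.
ccd_allowed() {  # ccd_allowed <config> <workdir> <commonName>
    awk '$1 == "ccd-exclusive" { f = 1 } END { exit !f }' "$1" || return 0
    d=$(ccd_dir "$1" "$2") || return 2   # ccd-exclusive without client-config-dir
    [ -f "$d/$3" ]                       # file name must match the commonName
}

demo() {
    base=$(mktemp -d)                    # constructed stand-in for /etc/openvpn
    mkdir "$base/clients" "$base/elsewhere"
    touch "$base/clients/Client-1"
    printf '%s\n' '# constructed sample server.conf' \
        'client-config-dir clients' 'ccd-exclusive' > "$base/server.conf"
    for cn in Client-1 Client-2; do
        if ccd_allowed "$base/server.conf" "$base" "$cn"; then r=allowed; else r=refused; fi
        echo "workdir=config dir  CN=$cn  $r"
    done
    # Same config, daemon started from another directory: the relative path misses.
    if ccd_allowed "$base/server.conf" "$base/elsewhere" Client-1; then r=allowed; else r=refused; fi
    echo "workdir=elsewhere   CN=Client-1  $r"
    rm -rf "$base"
}
demo
```

The last line of output shows why an absolute `client-config-dir` is the safer setting: with a relative value, the same config refuses every client when the daemon starts from a different directory.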
