On Tuesday, January 9th, 2024 at 11:33 AM, Gert Doering <[email protected]> wrote:

> Hi,
>
> On Tue, Jan 09, 2024 at 07:20:24AM +0000, Peter Davis wrote:
>
> > 1- So one of the benefits of using LDAP mechanism is that two users cannot
> > use the OpenOne server at the same time? I mean using openvpn-auth-ldap
> > package.
>
> I fail to understand this question.
>
> > 2- Regarding the third question, I did not express my meaning well. Suppose
> > there are several departments in a company and you want to generate
> > separate keys for each department, in this situation each department must
> > have its own server and client keys. Is it right?
>
> No.
>
> gert
>
> --
> "If was one thing all people took for granted, was conviction that if you
> feed honest figures into a computer, honest figures come out. Never doubted
> it myself till I met a computer with a sense of humor."
> Robert A. Heinlein, The Moon is a Harsh Mistress
>
> Gert Doering - Munich, Germany [email protected]

Hi,

1- I asked "How can I find out if a user has shared the key with others?" and you told me "You can't, unless you combine the VPN connect with some other auth mechanism ("username + password", etc.). But generally speaking, users will not do this, as OpenVPN will (by default) not permit two parallel connections with the same cert - so the second user will kick out the first, and vice versa. Unpleasant user experience.". I'd like to use something like a MAC address filtering mechanism, but that would require scripting and I don't know how to do that. I want no one to be able to connect to the OpenVPN server without permission.

2- What's the solution? Should I generate one server key and multiple client keys? Isn't it better if each department has its own server key?
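The mutual kick-out quoted in the message above shows up in the server log as one certificate name reconnecting from alternating source addresses. The following is an added example, not code from the thread or from the OpenVPN project: it scans a server log for that pattern. The function name, the thresholds, the timestamp format and the sample lines are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines modelled on OpenVPN server log output (assumed
# "YYYY-MM-DD HH:MM:SS" timestamps); addresses are documentation ranges.
SAMPLE_LOG = """\
2024-01-09 09:00:00 198.51.100.7:40001 [alice] Peer Connection Initiated with [AF_INET]198.51.100.7:40001
2024-01-09 09:00:05 203.0.113.20:51000 [bob] Peer Connection Initiated with [AF_INET]203.0.113.20:51000
2024-01-09 09:01:10 203.0.113.99:52000 [bob] Peer Connection Initiated with [AF_INET]203.0.113.99:52000
2024-01-09 09:02:15 203.0.113.20:51002 [bob] Peer Connection Initiated with [AF_INET]203.0.113.20:51002
2024-01-09 09:03:20 203.0.113.99:52004 [bob] Peer Connection Initiated with [AF_INET]203.0.113.99:52004
2024-01-09 13:30:00 192.0.2.44:40100 [alice] Peer Connection Initiated with [AF_INET]192.0.2.44:40100
"""

# Captures timestamp, certificate common name and peer address.
CONNECT = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) .*\[([^\]]+)\] "
    r"Peer Connection Initiated with \[AF_INET6?\]([0-9a-fA-F.:]+):\d+$"
)


def find_cert_flapping(log_text, window=timedelta(minutes=5), threshold=3):
    """Return {common_name: [source addresses]} for certificates whose
    connections changed source address at least `threshold` times, each
    change arriving within `window` of the previous connection."""
    last = {}                     # cn -> (time, address) of latest connection
    switches = defaultdict(int)   # cn -> number of quick address changes
    sources = defaultdict(set)    # cn -> every address seen
    for line in log_text.splitlines():
        m = CONNECT.match(line)
        if not m:
            continue
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        cn, addr = m.group(2), m.group(3)
        sources[cn].add(addr)
        if cn in last:
            prev_when, prev_addr = last[cn]
            if addr != prev_addr and when - prev_when <= window:
                switches[cn] += 1
        last[cn] = (when, addr)
    return {cn: sorted(sources[cn]) for cn, n in switches.items() if n >= threshold}


if __name__ == "__main__":
    print(find_cert_flapping(SAMPLE_LOG))
```

A roaming client (Wi-Fi to mobile data) also changes source address, so a hit is a reason to look at that certificate, not proof of sharing.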
