>On Tuesday, January 9th, 2024 at 11:33 AM, Gert Doering <g...@greenie.muc.de> 
>wrote:


> Hi,
> 
> On Tue, Jan 09, 2024 at 07:20:24AM +0000, Peter Davis wrote:
> 
> > 1- So one of the benefits of using LDAP mechanism is that two users cannot 
> > use the OpenVPN server at the same time? I mean using openvpn-auth-ldap 
> > package.
> 
> 
> I fail to understand this question.
> 
> > 2- Regarding the third question, I did not express my meaning well. Suppose 
> > there are several departments in a company and you want to generate 
> > separate keys for each department, in this situation each department must 
> > have its own server and client keys. Is it right?
> 
> 
> No.
> 
> gert
> 
> --
> "If was one thing all people took for granted, was conviction that if you
> feed honest figures into a computer, honest figures come out. Never doubted
> it myself till I met a computer with a sense of humor."
> Robert A. Heinlein, The Moon is a Harsh Mistress
> 
> Gert Doering - Munich, Germany g...@greenie.muc.de

Hi,
1- I asked "How can I find out if a user has shared the key with others?" and 
you told me "You can't, unless you combine the VPN connect with some other auth 
mechanism ("username + password", etc.). But generally speaking, users will not 
do this, as OpenVPN will (by default) not permit two parallel connections with 
the same cert - so the second user will kick out the first, and vice versa. 
Unpleasant user experience.".
I'd like to use something like a MAC address filtering mechanism, but that 
would require scripting and I don't know how to do that. I want no one to be 
able to connect to the OpenVPN server without permission.

2- What's the solution? Should I generate one server key and multiple client 
keys? Isn't it better if each department has its own server key?


_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
