Hi, On Tue, Jan 09, 2024 at 10:06:33AM +0000, Peter Davis wrote: > I'd like to use something like a MAC address filtering mechanism, but that > would require scripting and I don't know how to do that. I want no one to be > able to connect to the OpenVPN server without permission.
If a user has no key, they have no permission. If you give them a key,
you have given them permission.
If you want stronger auth, add --auth-user-pass and (for example) an LDAP
backend, so users need to have a key *and* know a password.
> 2- What's the solution? Should I generate one server key and multiple client
> keys? Isn't it better if each department has its own server key?
Do you have one server per department, or one server for all?
It makes sense to have one server key *per server*, but whether or not
that is "per department" depends on what you are trying to achieve.
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany [email protected]
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-users
