>On Friday, January 12th, 2024 at 12:04 AM, Jochen Bern <jochen.b...@binect.de> >wrote:
> On 11.01.24 20:35, Peter Davis via Openvpn-users wrote: > > > On Wednesday, January 10th, 2024 at 11:25 AM, Gert Doering > > g...@greenie.muc.de wrote: > > > > > On Wed, Jan 10, 2024 at 07:53:35AM +0000, Peter Davis wrote: > > > > > > > True, but I don't want to create a key for each employee in the > > > > department. > > > > > > Abandon that thought. We've been here before: you need unique keys per > > > user, everything else will just make your life painful and miserable. > > > > If each user has their own key, then there should be a Client.conf file > > for each user, which itself contains a unique IP address, a unique port > > and a unique TUN. For example, for 100 users, there are 100 configuration > > files, 100 IP addresses, 100 open ports and 100 TUNs. > > > Please specify whether you're talking about the server or the client > side setup; you're mostly wrong either way, but for different reasons. > > Unless you're setting up the most unused VPN solution ever, though, you > do need separate cert+privkey pairs for every device connecting to > the VPN. > > Kind regards, > -- > Jochen Bern > Systemingenieur > > Binect GmbH > _______________________________________________ > Openvpn-users mailing list > Openvpn-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openvpn-users Hello, Thanks again. Should I run the following commands for each client? $ ./easyrsa gen-req <client name> nopass $ ./easyrsa sign-req client <client name> If so, then the above commands will generate separate keys for each client, and each of those keys must be loaded into the configuration file! _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
