Hi,

On Tue, Jan 16, 2024 at 07:10:02AM +0000, Peter Davis via Openvpn-users wrote:
> Hi,
> Thanks again.
> So, if I delete the client keys from the OpenVPN server,
> the clients can still connect to the server.
Yes.
> 1- Is "pki/ca.crt" unique for each client?
No. This is the CA's certificate, acting as a trusted introducer - this
is the glue that enables both ends to verify each other's certificates,
by having a signature from the CA, verifiable with the *same* ca.crt.
> 2- You said that if I use authentication based on username and password,
> then two people cannot connect to the server at the same time with the
> same username and password. Is this possible if each client has its own
> unique key?
I said that OpenVPN will (by default) disallow multiple logins with the same
client key+cert.
Username + password is an extra bonus to control who is allowed in and
who is not, or introduce 2FA requirements, etc.
> For example, if I generate a client key and share it with 100 people
I'm not willing to answer questions that start with "share client key".
Don't. Ever.
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany [email protected]
_______________________________________________
Openvpn-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-users
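Added example (not part of the original mail, and not OpenVPN or easy-rsa code): the point made above about one shared ca.crt verifying every client certificate, shown with the plain `openssl` CLI. The CA names, client names and function names are constructed for the demo, and it assumes `openssl` is installed.

```shell
#!/bin/sh
# Constructed demo: throwaway CAs and client names, not a real PKI.

# make_ca DIR NAME: create a self-signed CA (NAME.key, NAME.crt) in DIR.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# issue_client DIR CA NAME: generate a client key, then have CA sign its cert.
issue_client() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
        -CAserial "$1/$2.srl" -CAcreateserial -days 1 \
        -out "$1/$3.crt" 2>/dev/null
}

# verify_client DIR CA NAME: succeed only if NAME.crt chains to CA.crt.
verify_client() {
    openssl verify -CAfile "$1/$2.crt" "$1/$3.crt" >/dev/null 2>&1
}

# run_demo: prints one "name:result" line per certificate checked.
run_demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" demo-ca && make_ca "$d" other-ca || return 1
    issue_client "$d" demo-ca client1 || return 1
    issue_client "$d" demo-ca client2 || return 1
    issue_client "$d" other-ca stranger || return 1
    # The verifying side never needs client private keys: delete them first
    # to show that verification depends only on ca.crt and the signature.
    rm -f "$d/client1.key" "$d/client2.key" "$d/stranger.key"
    for c in client1 client2 stranger; do
        if verify_client "$d" demo-ca "$c"; then echo "$c:accepted"
        else echo "$c:rejected"; fi
    done
    rm -rf "$d"
}

run_demo
# client1:accepted
# client2:accepted
# stranger:rejected
```

Both client certificates verify against the same `demo-ca.crt` even with their private keys deleted, while a certificate signed by a different CA is rejected.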
