Hi,
I'm setting up a VPN for my network and I think the following option, if
it existed, would nicely simplify my server configuration:
--ccd-exclusive
Refuse the connection of a client whose
X509 Common Name is *not* found in --client-config-dir.
Upon connection, I'm binding a fixed intranet IP address to each CN my
CA has signed. So I will maintain the table with the unique CN <->
IP_address relation. While --ccd-exclusive does not exist, I
understand that I have to
1) convert my CN <-> IP_address table to client-config-dir,
2) set up the tls-verify script checking if the CN is allowed.
If --ccd-exclusive existed, I would only need step 1).
Is it worth considering? I think such a feature would advance usability
and simplicity, although there would be one more option on the big man
page to learn...
Vlada
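
The two steps listed in the message above, sketched as an added example (not part of the original post and not OpenVPN project code). The "CN IP" table format, the netmask, the /etc/openvpn/ccd path, the ccd-verify script name and the CN character restriction are assumptions of this example.

```shell
#!/bin/sh
# Added example. Table format, paths, netmask and script name are assumptions.

# The CN becomes a file name, so allow only a conservative character set
# and refuse empty names and names starting with a dot (e.g. "..").
valid_cn() {
    case "$1" in
        ''|.*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Step 1: write one client-config-dir file per "CN IP" line of the table.
# usage: build_ccd TABLE CCD_DIR [NETMASK]
build_ccd() {
    table=$1; ccd=$2; mask=${3:-255.255.255.0}
    mkdir -p "$ccd" || return 1
    while read -r cn ip rest; do
        case "$cn" in ''|'#'*) continue ;; esac
        valid_cn "$cn" || { echo "skipping unsafe CN: $cn" >&2; continue; }
        printf 'ifconfig-push %s %s\n' "$ip" "$mask" > "$ccd/$cn"
    done < "$table"
}

# Pull the CN out of a subject string in either "/C=XX/CN=name" or
# "C=XX, CN=name" form.
subject_cn() {
    printf '%s\n' "$1" | sed -n 's|^.*CN=\([^,/]*\).*$|\1|p'
}

# Step 2: tls-verify logic. OpenVPN passes the certificate depth and subject;
# exit status 0 accepts, non-zero rejects.
# usage: verify_cn DEPTH SUBJECT CCD_DIR
verify_cn() {
    case "$1" in
        0) ;;                          # client certificate: check below
        ''|*[!0-9]*) return 1 ;;       # malformed depth: fail closed
        *) return 0 ;;                 # CA levels: nothing to look up
    esac
    cn=$(subject_cn "$2")
    valid_cn "$cn" || return 1
    [ -f "$3/$cn" ]                    # accept only CNs that have a ccd file
}

# Act as the tls-verify script only when installed under the assumed name.
case "${0##*/}" in
    ccd-verify) verify_cn "$1" "$2" "${CCD_DIR:-/etc/openvpn/ccd}"; exit ;;
esac
```

The name check matters on both sides: without it, a CN such as `..` or one containing `/` would be tested against, or written to, a path outside the ccd directory.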