On Fri, 14 Jan 2005 08:54:19 +0100, Klavs Klavsen wrote:
> 1) Can I get the openvpn connection registered as a "dial-up
> connection", so my users can select "log on using dial-up connection" as
> they can with a ipsec VPN connection?

I don't believe so. However, that may not be too problematic...

> Thing is, I'd like to authenticate them, before they get access to the
> company net, but I'd also like the machine to not just log them in with
> cached credentials

Can they just use the GUI to start OpenVPN before accessing resources on the VPN? See http://www.nilings.se/openvpn/.

What cached credentials are you referring to? OpenVPN doesn't use Kerberos (or Microsoft's bastardized Active Directory version of the same), so there's no question of the Kerberos ticket cache being used to authenticate. You can use the "inactive" directive to force the tunnel to close after a period of inactivity.

> and then they can open the tunnel to get connected - as I'm not sure
> that will handle forced password changes, and it won't run my login
> scripts either :(

I'm not quite sure what you're referring to here. Are these login scripts for the client or the server? Which password are you referring to? (System password? auth-user-pass password? private-key-encryption password?)

> 2) I've found that you should be able to assign ip address-pools to
> users, based on their login-name/group-membership, but I have found no
> examples of how this is done.. Could you point me in the right
> direction?

Assign certificates to clients such that their CN is sufficient to determine their login name or like information. In your client-connect script on the server, place "ifconfig-push <desired-ip> <netmask>" in the file specified as the first command line option to give clients the IP you wish them to have.

Mind you, this assigns specific addresses, rather than selecting from multiple pools. I don't believe that having multiple pools handled by a single server instance is supported.
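A sketch of the client-connect hook described in the reply above, added here as an example and not part of the original message. The function names `address_map` and `push_static_ip` and the CN-to-address entries are constructed for illustration; the script assumes OpenVPN exports the certificate CN as `common_name` and passes the temporary config file path as the first argument.

```shell
#!/bin/sh
# Added example: client-connect hook that pins a tunnel address to each
# certificate CN. Directives written to the file named in $1 apply only to
# the connecting client.

# Constructed sample mapping: CN, address, netmask (RFC 5737 test addresses).
address_map() {
    cat <<'EOF'
alice 192.0.2.10 255.255.255.0
bob 192.0.2.11 255.255.255.0
EOF
}

# push_static_ip CN OUTFILE
# Writes "ifconfig-push <ip> <netmask>" for CN into OUTFILE.
# Returns non-zero when the CN is malformed or has no entry; a non-zero exit
# from client-connect makes OpenVPN disconnect the client, so unknown CNs
# never receive an address.
push_static_ip() {
    cn=$1
    out=$2
    # Accept only a conservative character set, so a CN can never carry
    # whitespace or newlines into the generated config file.
    case $cn in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    # Exact string match on the first field; "." in a CN stays literal.
    line=$(address_map | awk -v cn="$cn" '$1 == cn { print $2, $3; exit }')
    [ -n "$line" ] || return 1
    printf 'ifconfig-push %s\n' "$line" > "$out"
}

# Act as the hook only when OpenVPN has supplied both inputs.
if [ -n "${common_name:-}" ] && [ "$#" -ge 1 ]; then
    push_static_ip "$common_name" "$1"
    exit $?
fi
```

On the server this would be referenced with the `client-connect` directive; in a real deployment the mapping would live in a root-owned file rather than inside the script.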