[OpenVPN home]	[Date Prev]	[Date Index]	[Date Next]
[OpenVPN mailing lists]	[Thread Prev]	[Thread Index]	[Thread Next]

Re: [Openvpn-users] Multiple OpenVPN instances

Subject: Re: [Openvpn-users] Multiple OpenVPN instances
From: Jon Bendtsen <jon.bendtsen@xxxxxxxxxx>
Date: Tue, 1 Feb 2005 15:11:40 +0100

Den 1. feb 2005, kl. 14:46, skrev Nathan Wood:

I have different groups of users that I'd like to provide different access to using more specific routes and limiting access to specific ports through iptables. I also have vendors that VPN into us, and I'd like to have the ability to shut down their access until it is specifically requested; it seems that using a one config file for each group of clients would be the best way to do his.

However, if I use the same CA system for each instance, users could simply change the port on their client config to access another instance of OVPN which would elevate their privilages.

Is it possible to run multiple instances of OpenVPN, each with its own set of client certificates that are allowed access? Would I have to run two CA's and is that even possible?

Using multiple CA and openvpn daemons is most likely the best solution. But you might possibly also use client-config-dir and those scripts that is run at connection time to put people into groups.

Personally i use 3 CA's and 3 openvpn daemons.

JonB


____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Warning: require_once(../../../archive_common.php) [function.require-once]: failed to open stream: No such file or directory in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2005-02/msg00008.html on line 204

Fatal error: require_once() [function.require]: Failed opening required '../../../archive_common.php' (include_path='/usr/local/lib/php') in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2005-02/msg00008.html on line 204