On 1 Feb 2005, at 14:46, Nathan Wood wrote:
I have different groups of users that I'd like to provide different access to using more specific routes and limiting access to specific ports through iptables. I also have vendors that VPN into us, and I'd like to have the ability to shut down their access until it is specifically requested; it seems that using one config file for each group of clients would be the best way to do this.

However, if I use the same CA system for each instance, users could simply change the port on their client config to access another instance of OVPN which would elevate their privileges.

Is it possible to run multiple instances of OpenVPN, each with its own set of client certificates that are allowed access? Would I have to run two CA's and is that even possible?

Using multiple CA and openvpn daemons is most likely the best solution.

But you might possibly also use client-config-dir and those scripts that are run at connection time to put people into groups.

Personally I use 3 CA's and 3 openvpn daemons.
JonB
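
A sketch of the connection-time script approach mentioned in the reply, as an added example that is not from either poster: a `client-connect` hook that maps the certificate CN to a group, rejects the client when that group is switched off (the vendor case), and otherwise pins the client to an address in its group's range. The map file format, the flag directory and both paths are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): OpenVPN client-connect hook.
# OpenVPN exports the certificate CN as $common_name and passes a temp file
# path as $1; directives written there apply to this client only, and a
# non-zero exit status rejects the connection.

# Assumed layout (hypothetical paths):
#   $VPN_MAP      lines of "<cn> <group> <local-ip> <peer-ip>"
#   $VPN_ENABLED  directory holding one flag file per group allowed to connect
VPN_MAP=${VPN_MAP:-/etc/openvpn/group-map.txt}
VPN_ENABLED=${VPN_ENABLED:-/etc/openvpn/enabled-groups}

# vpn_gate <cn> <dynamic-config-file>
# Returns 0 and writes ifconfig-push for a member of an enabled group,
# returns 1 (reject) in every other case.
vpn_gate() {
    cn=$1
    out=$2
    # Accept only a conservative character set before using the CN anywhere.
    case $cn in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ -r "$VPN_MAP" ] || return 1
    # Exact match on the first field; the first matching line wins.
    entry=$(awk -v cn="$cn" '$1 == cn { print $2, $3, $4; exit }' "$VPN_MAP")
    [ -n "$entry" ] || return 1                 # unknown CN: reject
    set -- $entry
    group=$1
    local_ip=$2
    peer_ip=$3
    [ -n "$peer_ip" ] || return 1               # malformed map line: reject
    [ -e "$VPN_ENABLED/$group" ] || return 1    # group switched off: reject
    printf 'ifconfig-push %s %s\n' "$local_ip" "$peer_ip" > "$out"
}

# Act as a hook only when OpenVPN invoked us (CN exported, temp file given).
if [ -n "${common_name:-}" ] && [ $# -ge 1 ]; then
    vpn_gate "$common_name" "$1"
    exit $?
fi
```

Hook it in with `client-connect` in the server config and write the iptables rules against each group's address range; removing a group's flag file blocks new connections for that group without touching certificates.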
____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users