Please don't top-post.

On Mon, 14 Mar 2005, Benjamin Adler wrote:

On Sun, 13 Mar 2005 22:37:05 +0100, Benjamin Adler wrote:

The reasons you give are for why you shouldn't use only ONE certificate for all users. I'm pretty sure Charles didn't mean that. He meant that you should use a certificate to authenticate the un-attended machine instead of username/password.

Unfortunately OpenVPN can't accept EITHER a certificate or username/password, so what I would do if I were you is that I'd run two instances of OpenVPN on the server.

One that accepts un-attended machines using certificates only, where you don't encrypt the private key so the client machine does not have to provide any passphrase. In this case you could even import the cert/key to the MS CryptoStore, which makes it harder for an intruder to just copy a file containing the secrets needed to establish the OpenVPN tunnel.

And a second instance accepting users authenticating with username/password.

--
_____________________________________________________________
Mathias Sundman                  (^)   ASCII Ribbon Campaign
OpenVPN GUI for Windows           X    NO HTML/RTF in e-mail
http://openvpn.se/               / \   NO Word docs in e-mail

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
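
The two-instance layout described in the message above, sketched as configuration fragments. This is an added example, not part of the original post or the OpenVPN project's own files. File names, ports, subnets, the host name, the verify script path and the certificate subject are placeholders, and it assumes the password instance asks for no client certificate at all.

```conf
# ---- server-machines.conf: un-attended machines, certificate only ----
port 1194                      # placeholder port
proto udp
dev tun0
ca   ca.crt                    # placeholder file names
cert server.crt
key  server.key
dh   dh.pem
server 10.8.0.0 255.255.255.0  # placeholder subnet
# No auth-user-pass-verify here: a certificate signed by "ca" is the
# only credential, so the client never has to type anything.

# ---- server-users.conf: interactive users, username/password ----
port 1195                      # second instance needs its own port
proto udp
dev tun1
ca   ca.crt
cert server.crt
key  server.key
dh   dh.pem
server 10.9.0.0 255.255.255.0  # separate subnet so the two groups can
                               # be firewalled differently
script-security 2              # required before user scripts may run
auth-user-pass-verify /etc/openvpn/check-user.sh via-file  # hypothetical script
verify-client-cert none        # OpenVPN 2.4+; older releases spell this
                               # client-cert-not-required
username-as-common-name        # identify sessions by login name

# ---- client-machine.ovpn: un-attended Windows client ----
client
dev tun
proto udp
remote vpn.example.com 1194    # placeholder host, certificate instance
ca ca.crt
# Key pair lives in the Windows certificate store instead of a key file
# on disk; the subject string is a placeholder.
cryptoapicert "SUBJ:unattended-host-01"

# ---- client-user.ovpn: interactive user ----
client
dev tun
proto udp
remote vpn.example.com 1195    # password instance
ca ca.crt
auth-user-pass                 # prompt for username/password
```

Because each un-attended machine holds an unencrypted key, issue one certificate per machine so a single stolen device can be revoked with `crl-verify` on the certificate instance.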