|
|
On Wed, 16 Mar 2005 08:23:07 +0800, Gmail wrote: > openvpn 2.0 on debian > If i have two individual VPN Network, VPN Network Aand VPN Network B. > A is a full VPN system and has created a CA > B is also a full VPN system and have its own CA . > both of them works very well seperately, but a client in A want to connet > to the server in B. > how could this work, without the same CA. > Can openvpn handel this kind of thing? can you give me some advice? Please don't send HTML mail to the list -- it comes out as junk on the GMANE NNTP mirror. What are you trying to accomplish here? Generally speaking, the client in A isn't *supposed* to be able to connect to the server B -- if it could, then individual C (who made their own CA) could connect to networks A and B, and that would be a Bad Thing -- and if someone wants to be a client on both network A and network B, they can simply have separate certificates for each connection. That said, the PEM file specified with "--ca" can specify multiple certificate authorities. If you want a client to authenticate a different server using a different CA, or a server to authenticate clients with certificates signed by an alternate CA, you can have the CA files on both of these systems contain certificates for both authorities they're supposed to accept. ____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users |