
Re: [Openvpn-users] Re: User-IP pair


  • Subject: Re: [Openvpn-users] Re: User-IP pair
  • From: Luis Daniel Lucio Quiroz <dlucio@xxxxxxxxxxx>
  • Date: Thu, 5 May 2005 17:28:24 -0500

Thanks

On Thursday 05 May 2005 15:31, James Yonan wrote:
> On Thu, 5 May 2005, John E. Peterson wrote:
> > That was actually an interesting question because I think it answers
> > something that I noticed.  IP addresses are tied to certificates.  What
> > seems to be weird is that IP's seem to be created and tied in by the
> > order the certs are logged in first time, NOT the number itself.
> >
> > What I have noticed for instance is if users log in first time in this
> > order:
> >
> > cert02    --->  IP01
> > cert04    --->  IP02
> > cert01    --->  IP03
> > cert03    --->  IP04
> >
> > that IP's are generated and "locked" in that order.
>
> Right, that's the designed behavior.  IP addresses are tied to certs, and
> certs can be fully alphabetic -- they don't need to have embedded numbers
> in their common names.  So OpenVPN allocates IP addresses in the order of
> connection, not by extracting any embedded number in the common name.
>
> > In MY case, IP's then end up being locked to a particular workstation.
> > (which 99% of the time is a particular user).  Now, the question becomes,
> > why do you want to assign IP's by USER?  I happen to be running on a
> > Windows Domain, so no matter what IP someone is from they are restricted
> > by their login.
>
> If you are using user/pass auth (with or without certs), you can use the
> "username-as-common-name" flag on the server to have OpenVPN use the
> username rather than the common name as its "name" for the connection.
>
> James
>
> > JP
> > ----- Original Message -----
> > From: "Charles Duffy" <cduffy@xxxxxxxxxxx>
> > To: <openvpn-users@xxxxxxxxxxxxxxxxxxxxx>
> > Sent: Wednesday, May 04, 2005 8:58 PM
> > Subject: [Openvpn-users] Re: User-IP pair
> >
> > > On Wed, 04 May 2005 19:34:58 -0500, Luis Daniel Lucio Quiroz wrote:
> > >> Is there a way to make OpenVPN assign an IP to a particular user no
> > >> matter
> > >> what workstation they are logged in on?
> > >
> > > Are certificates specific to the workstations or carried around by the
> > > users (ie. on a USB key)? If the latter, it's easy -- use a
> > > client-config-dir with config files specifying the IP to use, and there
> > > you are. (OTOH, if your goal is to trace back from an IP to the user
> > > who's logged on, you can dynamically add DNS entries as part of your
> > > learn-address scripts, which is what I do; the IPs may vary, but the
> > > addresses stay the same). Otherwise, you can use
> > > username-as-common-name to have the client-config-dir indexed by
> > > usernames; or you can have a client-connect script that looks at the
> > > "username" variable to decide what IP to assign.
> > >
> > > So, yes -- there are several ways to do this.

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
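
The client-connect approach mentioned in the thread (a script that looks at the "username" variable to decide what IP to assign), sketched as an added example that is not part of the original messages or of OpenVPN itself. The user map, its addresses and the script path are constructed assumptions; the hook refuses malformed or unmapped usernames so those clients are disconnected rather than given a pool address.

```shell
#!/bin/sh
# Added example: client-connect hook that pins a tunnel IP to the
# authenticated username. Assumed server.conf line (path is hypothetical):
#   client-connect /etc/openvpn/assign-ip.sh

# Constructed sample map: username, client tunnel IP, and the second
# ifconfig-push argument (remote endpoint or netmask, depending on topology).
user_map() {
cat <<'EOF'
alice 10.8.0.9 10.8.0.10
bob 10.8.0.13 10.8.0.14
EOF
}

# Print the ifconfig-push directive for one user.
# Returns non-zero when the name is empty, contains characters outside
# a conservative allow-list, or has no entry in the map.
push_line_for() {
    user=$1
    case $user in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    user_map | awk -v u="$user" '
        $1 == u { print "ifconfig-push", $2, $3; found = 1 }
        END     { exit !found }'
}

# OpenVPN exports script_type and username, and passes the path of a
# per-client temporary config file as $1. A non-zero exit from a
# client-connect script makes the server disconnect the client.
if [ "${script_type:-}" = "client-connect" ]; then
    push_line_for "${username:-}" > "$1" || exit 1
fi
```

With "username-as-common-name" set on the server, the same lookup can key on the common_name variable instead, or be replaced by one file per username in the client-config-dir.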

