Jan Johansson wrote:
> But, now I wonder where to find documentation about how to do the
> following

The man page is a good bet.

> 1. Add a username/password authentication, or just a pin-code in order
> to prevent a possible stolen machine to connect before the cert can be
> revoked.

auth-user-pass-verify (or a corresponding plugin) on the server,
auth-user-pass on the client. This is in the man page.

> 2. How do I refuse a given client certificate the right to connect?

Permanently or temporarily?
In the former case, use CRLs.
In the latter you have a number of options -- a tls-verify script,
ccd-exclusive (with client-config-dir files for all clients expected to
be *allowed* to connect), or others.
This is in the man page, and has been discussed on-list multiple times.
____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
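
The temporary-refusal option mentioned in the reply, a tls-verify script, sketched as an added example (not part of the original message or of OpenVPN itself). The deny-list path, the function names and the sample Common Names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: temporary per-certificate deny via OpenVPN's tls-verify hook.
# OpenVPN calls the hook once per certificate in the chain as
#   <script> <certificate_depth> <subject>
# and treats exit status 0 as accept, anything else as reject.
# Server config (assumed script path; external scripts need script-security 2):
#   script-security 2
#   tls-verify /etc/openvpn/tls-verify-deny.sh
# DENY_FILE is an assumed path: one Common Name per line, '#' starts a comment.
DENY_FILE="${DENY_FILE:-/etc/openvpn/denied-cns.txt}"

# Pull the CN out of either subject layout OpenVPN versions have used:
#   "/C=SE/O=Example/CN=laptop-17"   or   "C=SE, O=Example, CN=laptop-17"
extract_cn() {
    printf '%s\n' "$1" | sed -n 's|^.*CN=\([^,/]*\).*$|\1|p'
}

tls_verify_check() {
    depth="$1"
    subject="$2"
    # Depth > 0 is a CA or intermediate certificate, not a client: accept.
    case "$depth" in
        0) ;;
        *) return 0 ;;
    esac
    cn=$(extract_cn "$subject")
    # Fail closed: a subject without a CN or an unreadable list is a reject.
    [ -n "$cn" ] || return 1
    [ -r "$DENY_FILE" ] || return 1
    # -F fixed string, -x whole line: "laptop-1" must not match "laptop-17".
    if grep -v '^#' "$DENY_FILE" | grep -Fxq -- "$cn"; then
        return 1
    fi
    return 0
}

# When OpenVPN invokes the script it always passes arguments.
if [ "$#" -gt 0 ]; then
    tls_verify_check "$1" "$2"
    exit $?
fi
```

Removing a name from the deny list re-admits that client at its next TLS handshake, which is what makes this suitable for the temporary case; a CRL remains the mechanism for permanent revocation.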