Jan Johansson wrote:

But, now I wonder where to find documentation about how to do the following

1. Add a username/password authentication, or just a pin-code in order to prevent a possibly stolen machine from connecting before the cert can be revoked.

auth-user-pass-verify (or a corresponding plugin) on the server, auth-user-pass on the client. This is in the man page.

2. How do I refuse a given client certificate the right to connect?

In the former case, use CRLs. In the latter you have a number of options -- a tls-verify script, ccd-exclusive (with client-config-dir files for all clients expected to be *allowed* to connect), or others. This is in the man page, and has been discussed on-list multiple times.
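
One way to write the tls-verify script mentioned above, as an added example that is not part of the original post or of OpenVPN itself. OpenVPN runs the tls-verify command with the certificate depth and the X509 subject as arguments and treats exit status 0 as accept; the deny-list path, its file format and the function names are assumptions.

```python
#!/usr/bin/env python3
"""tls-verify hook: refuse listed client certificates by Common Name."""
import sys

# Hypothetical deny-list path; one Common Name per line, '#' starts a comment.
DENY_FILE = "/etc/openvpn/denied-cns.txt"


def common_name(subject):
    """Extract the CN from an X509 subject string.

    Handles both layouts OpenVPN has used: '/C=SE/O=Example/CN=laptop1'
    and 'C=SE, O=Example, CN=laptop1'. Returns None if no CN is present.
    """
    sep = "/" if subject.startswith("/") else ","
    for field in subject.split(sep):
        key, eq, value = field.strip().partition("=")
        if eq and key == "CN":
            return value.strip()
    return None


def load_denied(lines):
    """Parse deny-list lines into a set of lower-cased Common Names."""
    stripped = (line.split("#", 1)[0].strip() for line in lines)
    return {name.lower() for name in stripped if name}


def verdict(depth, subject, denied):
    """Return the exit status OpenVPN expects: 0 = allow, 1 = refuse."""
    if depth != 0:
        return 0  # CA certificates in the chain; only the leaf is filtered
    cn = common_name(subject)
    if cn is None:
        return 1  # fail closed on a client certificate without a CN
    return 1 if cn.lower() in denied else 0


if __name__ == "__main__":
    # OpenVPN invokes: <script> <certificate_depth> <X509 subject>
    try:
        with open(DENY_FILE) as fh:
            denied = load_denied(fh)
        sys.exit(verdict(int(sys.argv[1]), sys.argv[2], denied))
    except (OSError, IndexError, ValueError):
        sys.exit(1)  # fail closed if the list or arguments are unusable
```

The script is referenced from the server configuration with the tls-verify directive; a name on the deny list only blocks new TLS handshakes, so an already connected client stays up until it renegotiates or is disconnected.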