[OpenVPN home]	[Date Prev]	[Date Index]	[Date Next]
[OpenVPN mailing lists]	[Thread Prev]	[Thread Index]	[Thread Next]

Re: [Openvpn-users] Static IP assignment and authorization

Subject: Re: [Openvpn-users] Static IP assignment and authorization
From: James Yonan <jim@xxxxxxxxx>
Date: Fri, 06 Jan 2006 14:06:39 -0700

Ralf Hildebrandt wrote:

By creating individual SSL Certificates and per-User settings in
/etc7openvpn/ccd/<cn_of_the_certificate> we're able to assign static
IP addresses to our VPN clients. So far, so good.

We also use "auth-user-pass" and the user needs to specify his/her
email passwort to gain VPN access to our net. So far so good.

But can I prevent a user from using HIS SSL certificate but somebody
else's credentials?

E.g. he/she uses the cert with the cn hildeb.vpn.charite.de, but uses
the username "someotheruser" and the appropriate password?

I wonder if it's possible to tie the use of the username hildeb to the
certificate with the cn hildeb.vpn.charite.de, e.g. using a map that
specifies:

hildeb hildeb.vpn.charite.de otheruser otheruser.vpn.charite.de

Check out this post from the archive:

http://openvpn.net/archive/openvpn-users/2005-09/msg00244.html

A simple script is provided to ensure that the username matches up with the certificate, when using both client cert and user/password authentication.

James


____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Warning: require_once(../../../archive_common.php) [function.require-once]: failed to open stream: No such file or directory in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2006-01/msg00128.html on line 196

Fatal error: require_once() [function.require]: Failed opening required '../../../archive_common.php' (include_path='/usr/local/lib/php') in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2006-01/msg00128.html on line 196