
Re: [Openvpn-users] best practice


  • Subject: Re: [Openvpn-users] best practice
  • From: Jon Bendtsen <jon.bendtsen@xxxxxxxxxx>
  • Date: Mon, 6 Mar 2006 15:54:51 +0100

On Monday 6 Mar at 15:36, Artur Rodrigues wrote:

> Pretty soon I will be implementing an OpenVPN server which connects different clients from different companies (the clients that belong to company X can only have access to its own network). I wonder from the list’s experience if there would be a best practice for this scenario.

Yes, there are some things worth considering...

Run multiple openvpn daemons, and use one daemon per company.
Furthermore, use a different CA for each company.

EJBCA can handle multiple CAs and RAs and thus your clients can generate
their own certificates, and using my extension, that can generate a Windows
installer complete with GUI, certificate and configuration file. And yes, my
extension can naturally handle multiple configurations, versions, ... all depending
on the CA, the company name, the group inside the company, ... and even per user.


EJBCA sends a one-time password to the client using mail, which lets the
client generate the certificate and download it. It is rather secure, because
if the certificate is already generated when the legitimate user arrives, then
the user is rejected, and the user SHOULD alert you, then you can revoke
the certificate created by the bad guy before the legitimate user arrived.


Easy deployment which is secure enough.


You might also take a look at http://iscs.sourceforge.net/ ; John's project seems pretty smart.


Other than that you can use --client-config-dir to have different server configs
for each user. And the --client-connect script can also have different setups
per group/user/company/...
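
A sketch of the --client-connect approach mentioned above, added here as an example and not part of the original message or of OpenVPN itself. It assumes one daemon per company; the certificate CNs, group names and routes are constructed sample data, and rejecting CNs outside a conservative character set is an assumption of this example.

```shell
#!/bin/sh
# --client-connect hook for ONE company's daemon (added example).
# OpenVPN exports the certificate CN as $common_name and passes the path of a
# temporary file as the last argument; directives written to that file apply
# to this client only. A non-zero exit status refuses the connection.

# Constructed sample policy: "<group> <network> <netmask>" pushed to the group.
group_routes() {
    cat <<'EOF'
admins 10.10.0.0 255.255.0.0
staff 10.10.20.0 255.255.255.0
EOF
}

# Constructed sample membership: "<certificate CN> <group>".
cn_groups() {
    cat <<'EOF'
alice.companyx admins
bob.companyx staff
EOF
}

# write_client_config CN OUTFILE
# Returns 0 and writes directives to OUTFILE, or returns 1 to reject.
write_client_config() {
    cn=$1
    out=$2
    # Refuse empty CNs and CNs with characters outside a conservative set,
    # so the value is safe to use as a lookup key.
    case $cn in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    group=$(cn_groups | awk -v cn="$cn" '$1 == cn { print $2; exit }')
    [ -n "$group" ] || return 1    # default deny: CN not listed
    route=$(group_routes | awk -v g="$group" '$1 == g { print $2, $3; exit }')
    [ -n "$route" ] || return 1    # group has no policy defined
    printf 'push "route %s"\n' "$route" > "$out"
}

# Act as a hook only when OpenVPN supplied a CN and the temp-file argument.
if [ -n "${common_name:-}" ] && [ "$#" -ge 1 ]; then
    for last in "$@"; do :; done   # pick the last argument
    write_client_config "$common_name" "$last" || exit 1
fi
```

Because each company has its own daemon and CA, a certificate from another company never reaches this script; the default-deny lookup only separates groups inside one company.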





