[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Re: To Jon Bendtsen on Client AutoLogIn...


  • Subject: Re: [Openvpn-users] Re: To Jon Bendtsen on Client AutoLogIn...
  • From: Jon Bendtsen <jon.bendtsen@xxxxxxxxxx>
  • Date: Fri, 10 Mar 2006 08:31:13 +0100

Den fredag 10.mar kl. 1:31 skrev Jedliu:

Jon Bendtsen,
Hiï

I got your meaning.Thx.
But we are in a school and there'll be lots of Vpn client and
by the way we've stored a sql of users and passwords.
So i'm wondering it'll be easier to user password authenticating method.

it will certainly be easier.


But i'll be very glad to know what your opinion about using the certificate way is.
Some details to arrange?

If you dont want to create a certificate for each user, i would suggest at least
using ONE certificate and --duplicate-cn, because then an attacker would need
both a certificate and a user/password. Not much more security, but though higher.


However, if you have the usernames in an SQL, you could just select all the usernames
and create an individual certificate for each user.


Making it automatically logon is not hard. Just dont password protect the
certificate, and either make something that starts the tunnel at logon, or
run it as a service that starts at boot, or let the user start it manually using
a GUI (openvpn gui og kahalamicro's GUI)


I still dont understand why your clients cant be bothered to type in a password?




JonB


------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users