Re: [Openvpn-users] Re: To Jon Bendtsen on Client AutoLogIn...

[Jon Bendtsen <jon.bendtsen@xxxxxxxxxx>]

Den fredag 10.mar kl. 1:31 skrev Jedliu:

> Jon Bendtsen,
> Hiï
>
> I got your meaning.Thx.
> But we are in a school and there'll be lots of Vpn client and
> by the way we've stored a sql of users and passwords.
> So i'm wondering it'll be easier to user password authenticating  
> method.

it will certainly be easier.


> But i'll be very glad to know what your opinion about using the  
> certificate way is.
> Some details to arrange?

If you dont want to create a certificate for each user, i would  
suggest at least
using ONE certificate and --duplicate-cn, because then an attacker  
would need
both a certificate and a user/password. Not much more security, but  
though higher.

However, if you have the usernames in an SQL, you could just select  
all the usernames
and create an individual certificate for each user.

Making it automatically logon is not hard. Just dont password protect  
the
certificate, and either make something that starts the tunnel at  
logon, or
run it as a service that starts at boot, or let the user start it  
manually using
a GUI (openvpn gui og kahalamicro's GUI)

I still dont understand why your clients cant be bothered to type in  
a password?




JonB


-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users