|
|
Chuck Bunn wrote: > As a secondary layer of protection and as a precaution against someone > accessing a VPN through a stolen laptop (yes I know I can revoke a > certificate but what happens if the user does not report the theft > immediately) - how do I set OpenVPN to ask for a password before > connecting with the certificate. I tried 'build-key-pass' during key > generation and this did not work (I assume that it will ask for a > password before the key can be opened for viewing). I am thinking of > something along the lines of a preshared key??? To have the server require that the client provide a username/password pair, see the auth-user-pass directive. Passwords used to encrypt a key, which supported, are less valuable from a security perspective because the user can change them; having a separate username/password pair which is authenticated on the server side (rather than used to decrypt a key on the client side) is preferable. _______________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users Warning: require_once(../../../archive_common.php) [function.require-once]: failed to open stream: No such file or directory in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2006-06/msg00049.html on line 192 Fatal error: require_once() [function.require]: Failed opening required '../../../archive_common.php' (include_path='/usr/local/lib/php') in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2006-06/msg00049.html on line 192 |