|
|
im right your problem is that u cant stop clients from connecting with the same client cert to the second vpn server while the cert is connected to the first vpn server? to revoke a cert globally you may use a central "crl-verify" - pem file on a nfs store or u sync the pem file to all vpn server... but u surely got somethink like this.. =) may a great solution is openvpn with radius: http://www.nongnu.org/radiusplugin/ but i've never tested it... overall u may have a look at the /"auth-user-pass-verify"/ option in openvpn. u can create a script to verify username and password where u may check if the user is connected on another vpn server, too. marco Aminuddin Abdullah wrote: > I have plenty of users that need to use my VPN servers. > There are more than 7 servers serving more than 500 users at any one > time but at the moment each client will try to connect to one of the > servers randomly. > > Each client is issued one certificate for identification and > authentication and each client is suppose to have only one connection > / one PC at anytime. However this load balancing/clustering of OpenVPN > is not possible cause user can still use his cert on another > workstation but connected to another vpn server. > > Is there any mechanism that will control all login centrally and then > connect the users to the vpn servers using only their user ID? Any > sample design that I can look at? > Thanks > ------------------------------------------------------------------------ > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2005. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > ------------------------------------------------------------------------ > > _______________________________________________ > Openvpn-users mailing list > Openvpn-users@xxxxxxxxxxxxxxxxxxxxx > https://lists.sourceforge.net/lists/listinfo/openvpn-users > ____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users |