
Re: [Openvpn-users] How-To Centralized Sign on?


  • Subject: Re: [Openvpn-users] How-To Centralized Sign on?
  • From: Marco Fretz <mailinglist@xxxxxxx>
  • Date: Mon, 10 Sep 2007 14:17:06 +0200

Am I right that your problem is that you can't stop clients from connecting with 
the same client cert to the second VPN server while the cert is 
connected to the first VPN server?

To revoke a cert globally you may use a central "crl-verify" PEM file 
on an NFS store, or you sync the PEM file to all VPN servers... but you surely 
got something like this.. =)

Maybe a great solution is OpenVPN with RADIUS: 
http://www.nongnu.org/radiusplugin/
but I've never tested it...

Overall you may have a look at the "auth-user-pass-verify" option in 
OpenVPN. You can create a script to verify username and password where you 
may check if the user is connected on another VPN server, too.



marco

Aminuddin Abdullah wrote:
> I have plenty of users that need to use my VPN servers.
> There are more than 7 servers serving more than 500 users at any one 
> time but at the moment each client will try to connect to one of the 
> servers randomly.
>
> Each client is issued one certificate for identification and 
> authentication and each client is supposed to have only one connection 
> / one PC at any time. However this load balancing/clustering of OpenVPN 
> is not possible because a user can still use his cert on another 
> workstation but connected to another VPN server.
>
> Is there any mechanism that will control all logins centrally and then 
> connect the users to the VPN servers using only their user ID? Any 
> sample design that I can look at?
> Thanks

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
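
Added example (not part of Marco's message or of OpenVPN): a Python sketch of the check an "auth-user-pass-verify" script could make to see whether a certificate is already in use on another server, with a lease so that a crashed server does not lock a user out. Assumptions: SQLite stands in for a store that all VPN servers share, SESSION_DB and VPN_SERVER_ID are hypothetical variable names, and the username/password check itself is left out.

```python
#!/usr/bin/env python3
# Added example: one-session-per-certificate check for an auth-user-pass-verify hook.
import os
import sqlite3
import sys
import time

LEASE_SECONDS = 3900  # assumption: slightly longer than reneg-sec (default 3600)

def open_registry(path):
    # isolation_level=None = autocommit, so the transactions below are explicit.
    db = sqlite3.connect(path, isolation_level=None)
    db.execute("CREATE TABLE IF NOT EXISTS sessions ("
               "cn TEXT PRIMARY KEY, server TEXT NOT NULL, expires REAL NOT NULL)")
    return db

def claim(db, cn, server, now=None, lease=LEASE_SECONDS):
    """True if `server` may hold the session for certificate CN `cn`."""
    now = time.time() if now is None else now
    db.execute("BEGIN IMMEDIATE")  # write lock: check and update are one atomic step
    try:
        row = db.execute("SELECT server, expires FROM sessions WHERE cn = ?",
                         (cn,)).fetchone()
        if row and row[0] != server and row[1] > now:
            db.execute("ROLLBACK")  # live session on another server: refuse
            return False
        # Free, expired (holder crashed), or our own renegotiation: take/refresh.
        db.execute("INSERT OR REPLACE INTO sessions VALUES (?, ?, ?)",
                   (cn, server, now + lease))
        db.execute("COMMIT")
        return True
    except sqlite3.Error:
        db.execute("ROLLBACK")
        raise

def release(db, cn, server):
    """For a client-disconnect hook; only the owning server can free the lease."""
    db.execute("DELETE FROM sessions WHERE cn = ? AND server = ?", (cn, server))

if __name__ == "__main__":
    cn = os.environ.get("common_name")  # set by OpenVPN from the client certificate
    if not cn:
        sys.exit(1)  # fail closed when no certificate name is available
    # SESSION_DB and VPN_SERVER_ID are hypothetical names for this sketch.
    db = open_registry(os.environ.get("SESSION_DB", "sessions.db"))
    me = os.environ.get("VPN_SERVER_ID", os.uname().nodename)
    sys.exit(0 if claim(db, cn, me) else 1)  # exit 0 accepts, non-zero rejects
```

The same server is allowed to re-claim its own lease because OpenVPN runs the verify script again on each renegotiation; release() would be called from a client-disconnect script.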