|
|
JJB wrote: > openvpn-status.log > > 10.8.0.42,james,76.168.58.183:49231,Thu Jan 31 11:55:48 2008 > 10.8.0.18,dave,24.8.71.104:53836,Thu Jan 31 11:58:18 2008 > 10.8.0.26,mark,76.246.148.210:4965,Wed Jan 30 18:06:46 2008 > 10.8.0.22,vpn-server,23.6.60.104:53085,Thu Jan 31 11:58:20 2008 > > Does anyone know why the server itself is connected via openvpn with the > 10.8.0.22? > > Could this happen if the server certificate or master certificate was > accidentally given to a user? > Yes, it could. If you build your client and server certificates with explicit key usage that indicates which certificates are client or server (for example using pkitool --server), you could use the ns-cert-type or remote-cert-tls in the server config to deny connections from server certificates that would otherwise have been accepted. James ____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users |