On Thu, 8 Jul 2004, James Yonan wrote:
On Thursday 08 July 2004 16:12, Mathias Sundman wrote:
On Thu, 8 Jul 2004, Aaron M. Hirsch wrote:
I'm wanting to set up openvpn to where it will hand out dhcp addresses,
via ifconfig-pool, and utilize a static key. We have no desire to
create 500+ tls keys at this time.
The problem that I'm running into is that I can't get openvpn to start
with the mode server and secret. It tells me that I have to use

I don't think you can. As far as I remember mode server only works with
tls (Just like the error msg said). This is because the server needs to be
able to know in advance which user is connecting to know which key to use.
With tls, the client authenticates itself, so this is no problem, but with
static keys, there is no such authentication, so you would have to use the
same static key for every client.

There are no plans at this point to support static keys in server mode,

If you intended to use only one static key for all users, you could instead
create just one key/cert and use the --duplicate-cn option to allow
everyone to connect with the same certificate. James, does this have any
other drawbacks other than not having any log over who is connected, and
not the possibility to have individual configs or revoke individual certs?
I don't know how you intend to use openvpn, but if you have 500+ users,
don't you think you have the need for being able to revoke a key/cert, if
just one computer gets stolen or whatever, instead of having to roll out a
new key to every user?

Mathias Sundman                  (^)   ASCII Ribbon Campaign
NILINGS AB                        X    NO HTML/RTF in e-mail
Tel: +46-(0)8-666 32 28          / \   NO Word docs in e-mail