[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] handshake

  • Subject: Re: [Openvpn-users] handshake
  • From: Jean-Pierre Schwickerath <lists@xxxxxxxxxxxx>
  • Date: Tue, 4 Jan 2005 20:08:04 +0100

> aro aro
> my vpn is working... basically! :)
> i have more feel questions. :D
> if some user send his conf(cert) to other... this client can connect
> too... i dont want it happens. how do i do a UNIC configuration for
> EACH client securely?
> like... supose this client has this cert, mac addr, .., than he can
> get ip, connect and do the handshake. OK!

You can use the client-config-dir directive to configure various things
for each client connecting, e.g. Firewall rules. 
> but... if this user send his configuration(cert) to other? he can
> connect too! how can i avoid this?

You cannot avoid the user giving his credentials to somebody else. All
you can do is make him liable if something gets broken because of an
activity through his tunnel - but if you can't trust your users, then
you have another problem and no vpn will help you. 

Powered by Linux From Scratch - http://schwicky.net/
PGP Key ID: 0xEE6F49B4 - AIM/Jabber: Schwicky - ICQ: 4690141

Nothing is impossible... Everything is relative!

The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
Openvpn-users mailing list