On Tue, 18 Jan 2005, Charles Duffy wrote:
> On Tue, 18 Jan 2005 11:18:48 +0100, Mathias Sundman wrote:
>> I have some problem with people installing OpenVPN on multiple computers
>> and then it would be helpful to see in the server log the hostname of the
>
> Hmm. I just have a convention for CNs that goes like
> <username>-<extraname>.vpn.company.com, where the key-generation
> instructions document to the user that <extraname> should be something
> that identifies the system they're using. (CSRs are manually reviewed
> before signing, so IT can bounce back a certificate that fails to follow
>
> As long as I don't use duplicate-cn, the users have plenty of motivation
> to build extra certificates for their spare machines, and so I don't find
> that the problem you describe is one that I have.

I don't use --duplicate-cn either. The problem is that all users don't
realize that using the same certificate on multiple machines causes
problems. They are not allowed to copy the certificate to another machine
at all, so even if they never connect simultaneously, I want to know if
they connect from another machine than the allowed one.
I just think it would be useful to have some info about the connecting
system, like the hostname, in the server log.

Mathias Sundman                  (^)   ASCII Ribbon Campaign
OpenVPN GUI for Windows           X    NO HTML/RTF in e-mail
http://www.nilings.se/openvpn    / \   NO Word docs in e-mail

Openvpn-users mailing list
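
The CN convention quoted in the thread (`<username>-<extraname>.vpn.company.com`), written as a pre-signing check on a CSR subject. This is an added example, not code from the thread or from OpenVPN; the function names, the `requester` argument and the list of already-issued CNs are assumptions, and the sample subject is constructed.

```python
import re

DOMAIN_SUFFIX = ".vpn.company.com"  # suffix from the convention quoted in the thread
LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")  # one DNS label

def subject_cn(subject):
    """Return the CN from an OpenSSL-style subject string, or None.

    Accepts '/C=SE/O=Example/CN=x' and 'C = SE, O = Example, CN = x'.
    """
    parts = re.split(r"[/,]", subject)
    cns = [p.split("=", 1)[1].strip() for p in parts
           if "=" in p and p.split("=", 1)[0].strip().upper() == "CN"]
    # More than one CN is ambiguous, so treat it as no usable CN.
    return cns[0] if len(cns) == 1 else None

def review_csr(subject, requester, issued_cns):
    """Return the reasons to bounce a CSR; an empty list means it follows the convention."""
    cn = subject_cn(subject)
    if cn is None:
        return ["subject must contain exactly one CN"]
    cn = cn.lower()
    if not cn.endswith(DOMAIN_SUFFIX):
        return ["CN does not end in " + DOMAIN_SUFFIX]
    reasons = []
    label = cn[: -len(DOMAIN_SUFFIX)]  # expected form: <username>-<extraname>
    if not LABEL_RE.match(label):
        reasons.append("host part is not a single valid DNS label")
    # Match on the requester's full username, since usernames may contain '-'.
    prefix = requester.lower() + "-"
    if not label.startswith(prefix):
        reasons.append("CN does not start with the requester's username")
    elif not label[len(prefix):].strip("-"):
        reasons.append("missing <extraname> identifying the machine")
    if cn in {c.lower() for c in issued_cns}:
        reasons.append("CN already issued: one certificate per machine")
    return reasons

if __name__ == "__main__":
    # Constructed sample: a second request for a CN that was already signed.
    issued = ["alice-laptop.vpn.company.com"]
    print(review_csr("/C=SE/O=Example/CN=alice-laptop.vpn.company.com", "alice", issued))
```
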