Re: [Openvpn-users] Re: Post 2.0 feature request

  • From: Mathias Sundman <mathias@xxxxxxxxxx>
  • Date: Tue, 18 Jan 2005 21:44:58 +0100 (CET)

On Tue, 18 Jan 2005, Charles Duffy wrote:

> On Tue, 18 Jan 2005 11:18:48 +0100, Mathias Sundman wrote:
>
>> I have some problem with people installing OpenVPN on multiple computers
>> and then it would be helpful to see in the server log the hostname of the
>> client computer.
>
> Hmm. I just have a convention for CNs that goes like <username>-<extraname>.vpn.company.com, where the key-generation instructions document to the user that <extraname> should be something that identifies the system they're using. (CSRs are manually reviewed before signing, so IT can bounce back a certificate that fails to follow this convention).
>
> As long as I don't use duplicate-cn, the users have plenty of motivation
> to build extra certificates for their spare machines, and so I don't find
> that the problem you describe is one that I have.

I don't use --duplicate-cn either. The problem is that all users don't realize that using the same certificate on multiple machines causes problems. They are not allowed to copy the certificate to another machine at all, so even if they never connect simultaneously, I want to know if they connect from another machine than the allowed one.

I just think it would be useful to have some info about the connecting system, like the hostname, in the server log.

Mathias Sundman                  (^)   ASCII Ribbon Campaign
OpenVPN GUI for Windows           X    NO HTML/RTF in e-mail
http://www.nilings.se/openvpn    / \   NO Word docs in e-mail
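
The CN convention quoted in this thread (<username>-<extraname>.vpn.company.com, checked when a CSR is reviewed) can be pre-screened before the manual review. The sketch below is an added example, not code from either poster or from OpenVPN; the function name, the rule that usernames contain no hyphen, the list of generic extranames and the sample users are all assumptions.

```python
import re

# Suffix taken from the convention quoted in the thread.
SUFFIX = ".vpn.company.com"
# <username>-<extraname> as one DNS label; assumption: usernames have no hyphen.
LABEL = re.compile(r"(?P<user>[a-z0-9]+)-(?P<extra>[a-z0-9](?:[a-z0-9-]*[a-z0-9])?)")
# Constructed list of extranames that do not identify a particular machine.
GENERIC = {"pc", "laptop", "computer", "test", "vpn", "client"}


def review_cn(cn, known_users, issued_cns):
    """Return the reasons to bounce a CSR; an empty list means the CN passes."""
    cn = cn.strip().lower()
    if not cn.endswith(SUFFIX):
        return ["CN must end with " + SUFFIX]
    m = LABEL.fullmatch(cn[: -len(SUFFIX)])
    if m is None:
        return ["CN must look like <username>-<extraname>" + SUFFIX]
    problems = []
    if m["user"] not in known_users:
        problems.append("unknown username %r" % m["user"])
    if m["extra"] in GENERIC:
        problems.append("extraname %r does not identify a machine" % m["extra"])
    if cn in issued_cns:
        # Without duplicate-cn a second machine needs its own CN.
        problems.append("a certificate with this CN was already issued")
    return problems


if __name__ == "__main__":
    # Constructed sample data: two users, one certificate already issued.
    users = {"alice", "bob"}
    issued = {"alice-thinkpad.vpn.company.com"}
    for requested in (
        "bob-homedesktop.vpn.company.com",
        "alice-thinkpad.vpn.company.com",
        "bob-laptop.vpn.company.com",
        "bob.vpn.company.com",
    ):
        print(requested, "->", review_cn(requested, users, issued) or "ok")
```

This only checks the name requested in the CSR; it does not show which machine later presents the certificate.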

