Den fredag 10.mar kl. 1:31 skrev Jedliu:
Jon Bendtsen, Hiï
But i'll be very glad to know what your opinion about using the certificate way is.
If you dont want to create a certificate for each user, i would suggest at least
using ONE certificate and --duplicate-cn, because then an attacker would need
both a certificate and a user/password. Not much more security, but though higher.
However, if you have the usernames in an SQL, you could just select all the usernames
and create an individual certificate for each user.
Making it automatically logon is not hard. Just dont password protect the
certificate, and either make something that starts the tunnel at logon, or
run it as a service that starts at boot, or let the user start it manually using
a GUI (openvpn gui og kahalamicro's GUI)
I still dont understand why your clients cant be bothered to type in a password?