
Re: [Openvpn-users] multiple tls-remote, or tls-verify

  • Subject: Re: [Openvpn-users] multiple tls-remote, or tls-verify
  • From: "Alon Bar-Lev" <alon.barlev@xxxxxxxxx>
  • Date: Wed, 16 Aug 2006 21:59:06 +0300


I don't understand the scenario.
Which is the client and which is the server?
Why do you connect to client machines?
Do you work peer-to-peer?

Best Regards,
Alon Bar-Lev.

On 8/16/06, Nagy Tamás <tamaslev@xxxxxxxxx> wrote:
> Hello,
> I have a few openvpn installations with tls-remote <companyname> in the
> config file. I issue certificates with common name = companyname_username,
> so they can only log on if companyname matches in the certificate with
> tls-remote.
> Now I would like to issue a few master keys, and these should be able to
> log on to any machines. For example common name = Master_username. So the
> openvpn server would have to check if the connecting client's commonname
> begins with companyname OR Master, then login is permitted.
> Can this be done somehow? I tried tls-verify, but my script gets called with
> an argument list, where the second one is the server certificate's
> commonname. If I could get the connecting client's CN, that would solve the
> problem. Or if I could use tls-remote twice.
> Any suggestions appreciated.
> --
> Tamás Nagy
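
A tls-verify script for the rule asked about above, as an added example that is not part of the original thread: OpenVPN runs the tls-verify command once per certificate in the chain, passing the certificate depth and the X509 subject as arguments, and depth 0 is the connecting peer's own certificate. The script name, its install path and the subject layouts shown in the comments are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical file name: tls-verify-cn.sh
# Server config (hypothetical path):  tls-verify /etc/openvpn/tls-verify-cn.sh
# OpenVPN runs the command as:  cmd <certificate_depth> <X509 subject>
# Exit status 0 lets the TLS handshake proceed, 1 makes it fail.

# Prefixes taken from the question; replace companyname with the real name.
ALLOWED_PREFIXES="companyname_ Master_"

# Print the CN field of a subject string. Handles two layouts (constructed
# samples): "/C=HU/O=Example/CN=name" and "C=HU, O=Example, CN=name".
extract_cn() {
    printf '%s\n' "$1" | sed -n 's|^\(.*[/,] *\)\{0,1\}CN=\([^/,]*\).*$|\2|p'
}

verify_peer() {
    depth="$1"
    subject="$2"
    case "$depth" in
        0) ;;                          # peer certificate: apply the name policy
        ''|*[!0-9]*) return 1 ;;       # malformed depth: fail closed
        *) return 0 ;;                 # CA certificates in the chain: no name policy
    esac
    cn=$(extract_cn "$subject")
    [ -n "$cn" ] || return 1           # no CN field at all: reject
    for prefix in $ALLOWED_PREFIXES; do
        case "$cn" in
            "$prefix"?*) return 0 ;;   # prefix plus at least one more character
        esac
    done
    return 1
}

# Run the check only when installed under the hypothetical name above.
if [ "${0##*/}" = "tls-verify-cn.sh" ]; then
    verify_peer "$1" "$2"
    exit $?
fi
```

With this in place, tls-remote would have to be dropped from the server config, since it would still reject the Master_ names on its own.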