[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] restrict connections to specific hardware

  • Subject: Re: [Openvpn-users] restrict connections to specific hardware
  • From: <nobledark@xxxxxxxxxxxx>
  • Date: Thu, 18 Oct 2007 06:00:16 -0400

While it is not really a hardware solution, if using Windows you 
could use PKI and import the cert into the local crypto store which 
would make it a bit harder to move the VPN configuration.

 - Nd

On Wed, 17 Oct 2007 10:43:42 -0400 Akolinare <akolinare@xxxxxxx> 
>I want to prevent that my users can install openvpn and simply 
>copy the configuration files to any "hardware". So they are able 
>to connect from any PC to the network. I want to restrict them to 
>a specific hardware. I search the mailing list and the 
>documentation, but I was not able to find a topic about this..
>If there is a chance to check if the system belongs to a certain 
>windows domain? This would be a adequate verification.
>I have a look at the MAC adresses of the clients. In principle a 
>list of the TAP32 MAC adresses could create a set of iptables 
>rules only accept the known MAC adresses. I thought to remember 
>that the MAC adress of TAP32 device could change under certain 
>conditions. If the MAC adress of the TAP device change from time 
>to time it would be no option. Please correct me if Im wrong.
>Have anybody already experience in restricting clients to 
>"hardware"? I would be thankful for any help.
>best regards
>  akolinare
>This SF.net email is sponsored by: Splunk Inc.
>Still grepping through log files to find problems?  Stop.
>Now Search log events and configuration files using AJAX and a 
>Download your FREE copy of Splunk now >> http://get.splunk.com/
>Openvpn-users mailing list

Openvpn-users mailing list