Re: [Openvpn-users] server logging into itself?


  • Subject: Re: [Openvpn-users] server logging into itself?
  • From: James Yonan <jim@xxxxxxxxx>
  • Date: Thu, 31 Jan 2008 21:34:12 -0700

JJB wrote:
> openvpn-status.log
>
> 10.8.0.42,james,76.168.58.183:49231,Thu Jan 31 11:55:48 2008
> 10.8.0.18,dave,24.8.71.104:53836,Thu Jan 31 11:58:18 2008
> 10.8.0.26,mark,76.246.148.210:4965,Wed Jan 30 18:06:46 2008
> 10.8.0.22,vpn-server,23.6.60.104:53085,Thu Jan 31 11:58:20 2008
>
> Does anyone know why the server itself is connected via openvpn with the 
> 10.8.0.22?
>
> Could this happen if the server certificate or master certificate was 
> accidentally given to a user?
>   


Yes, it could.  If you build your client and server certificates with 
explicit key usage that indicates which certificates are client or 
server (for example using pkitool --server), you could use the 
ns-cert-type or remote-cert-tls in the server config to deny connections 
from server certificates that would otherwise have been accepted.

James
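
As a detection-side complement to the certificate-type restriction suggested in the reply, the sketch below scans status-file rows in the layout quoted above and reports any session whose common name belongs to a server certificate. It is an added example, not part of the original thread and not OpenVPN code; the `RESERVED_CNS` set, the function names and the sample rows are assumptions made for illustration.

```python
import csv
import ipaddress
from datetime import datetime

# Assumption: common names of server-side certificates that must never show
# up as a connected client. "vpn-server" is the CN seen in the quoted status
# file; adjust to your own PKI.
RESERVED_CNS = {"vpn-server"}

# Constructed sample in the routing-table layout of the quoted status file
# (virtual address, common name, real address, last ref). The real addresses
# are documentation ranges, not actual peers.
SAMPLE_STATUS = """\
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.42,james,198.51.100.7:49231,Thu Jan 31 11:55:48 2008
10.8.0.18,dave,203.0.113.20:53836,Thu Jan 31 11:58:18 2008
10.8.0.22,vpn-server,192.0.2.99:53085,Thu Jan 31 11:58:20 2008
GLOBAL STATS
Max bcast/mcast queue length,0
END
"""

def parse_routes(text):
    """Yield one dict per routing-table row, skipping headers and other sections."""
    for row in csv.reader(text.splitlines()):
        if len(row) != 4:
            continue
        vaddr, cn, real, last_ref = (field.strip() for field in row)
        try:
            ipaddress.ip_address(vaddr)  # rejects the column-header row
            seen = datetime.strptime(last_ref, "%a %b %d %H:%M:%S %Y")
        except ValueError:
            continue
        yield {"virtual": vaddr, "cn": cn, "real": real, "last_ref": seen}

def reserved_sessions(text, reserved=RESERVED_CNS):
    """Return sessions whose CN matches a reserved name (case-insensitive)."""
    wanted = {name.lower() for name in reserved}
    return [r for r in parse_routes(text) if r["cn"].lower() in wanted]

if __name__ == "__main__":
    for hit in reserved_sessions(SAMPLE_STATUS):
        print(f"ALERT server CN {hit['cn']!r} connected as client from "
              f"{hit['real']} (virtual {hit['virtual']}, last ref {hit['last_ref']})")
```

A hit means a certificate carrying the server's common name authenticated as a client, which is the situation asked about in the thread; it says nothing about how the key reached that peer.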
