Openvpn AS and client certificates

Business solution to host your own OpenVPN server with web management interface and bundled clients.
Post Reply
jehster
OpenVpn Newbie
Posts: 3
Joined: Wed May 03, 2017 1:38 pm

Openvpn AS and client certificates

Post by jehster » Wed May 03, 2017 1:52 pm

Hi,

I am quite sure that this question was put already but did not find the answer.

Is it possible to use client certificate with OpenVPN AS ?

In extension, is it possible to use certificate with Openvpn AS and ldap as authentication ?

(please don't be rude, I'm new here)

regards
Jerome

User avatar
novaflash
OpenVPN Inc.
Posts: 1073
Joined: Fri Apr 13, 2012 8:43 pm

Re: Openvpn AS and client certificates

Post by novaflash » Wed May 03, 2017 2:45 pm

The OpenVPN Access Server already by default generates and distributes client certificates.

LDAP credential checking is possible, the support for this is already built into the Access Server.

I suggest you install and test the Access Server. Simply install it without providing a license key. It will allow 2 simultaneous VPN connections in this demo mode, allowing you to test it without having to purchase first.

Good luck.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.

jehster
OpenVpn Newbie
Posts: 3
Joined: Wed May 03, 2017 1:38 pm

Re: Openvpn AS and client certificates

Post by jehster » Thu May 04, 2017 8:44 am

Hi,

Thanks for the answer, it's a really good news.
I already have an OpenVPN AS for testing but using PAM. As I connect with user/password on web interface, I thought that it was not using certificate but password.
It mean that if I remove user password, I can still connect to my openvpn ?

User avatar
novaflash
OpenVPN Inc.
Posts: 1073
Joined: Fri Apr 13, 2012 8:43 pm

Re: Openvpn AS and client certificates

Post by novaflash » Thu May 04, 2017 8:57 am

By default the Access Server uses client certificates + credentials to make a connection. You can extend that even with Google Authenticator.

But if you want to be able to make a connection with only a client certificate, then give a user the autologin privilege. If you install Connect Client after assigning that privilege, then a connection can be made with the stored autologin type profile with the embedded client certificate, without requiring credentials.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.

Post Reply