How can I prevent users from connecting with non-approved devices?

Business solution to host your own OpenVPN server with web management interface and bundled clients.
Post Reply
guy
OpenVpn Newbie
Posts: 3
Joined: Tue May 23, 2017 3:20 pm

How can I prevent users from connecting with non-approved devices?

Post by guy » Tue May 23, 2017 3:46 pm

Our OpenVPN AS server setup is nearly finished. I have 20 licensed users, RADIUS integration for RBAC, two-factor authentication, routing is good and all traffic is controlled with a firewall for more granular control. I'm nearly ready to unveil this to my users, but it occurs to me that any user can just repeat the steps we've laid out for their work computers on their home PCs and they would be able to connect from devices that haven't been vetted by our team, and may not meet minimum security requirements.

Is there any mechanism that would prevent this?

rmkjr
OpenVpn Newbie
Posts: 1
Joined: Fri Jun 09, 2017 7:35 pm

Re: How can I prevent users from connecting with non-approved devices?

Post by rmkjr » Thu Jun 15, 2017 7:45 pm

the post auth script can check their adapter's MAC address. Their example script should give you a good starting point.

User avatar
novaflash
OpenVPN Inc.
Posts: 1073
Joined: Fri Apr 13, 2012 8:43 pm

Re: How can I prevent users from connecting with non-approved devices?

Post by novaflash » Fri Jun 16, 2017 6:57 am

It's better if you contact us through the support ticket system and request the latest document that describes how to do this, it has more information. It's called the Post-auth MAC address script.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.

Post Reply