OpenVPN Support Forum

Community Support Forum
https://forums.openvpn.net/

How can I prevent users from connecting with non-approved devices?

https://forums.openvpn.net/viewtopic.php?t=24169

Page 1 of 1

How can I prevent users from connecting with non-approved devices?

Posted: Tue May 23, 2017 3:46 pm
by guy
Our OpenVPN AS server setup is nearly finished. I have 20 licensed users, RADIUS integration for RBAC, two-factor authentication, routing is good and all traffic is controlled with a firewall for more granular control. I'm nearly ready to unveil this to my users, but it occurs to me that any user can just repeat the steps we've laid out for their work computers on their home PCs and they would be able to connect from devices that haven't been vetted by our team, and may not meet minimum security requirements.

Is there any mechanism that would prevent this?

Re: How can I prevent users from connecting with non-approved devices?

Posted: Thu Jun 15, 2017 7:45 pm
by rmkjr
the post auth script can check their adapter's MAC address. Their example script should give you a good starting point.

Re: How can I prevent users from connecting with non-approved devices?

Posted: Fri Jun 16, 2017 6:57 am
by novaflash
It's better if you contact us through the support ticket system and request the latest document that describes how to do this, it has more information. It's called the Post-auth MAC address script.
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/