 Different users logging with the same cert file 
PostPosted: Tue Dec 04, 2012 9:33 pm 
OpenVpn Newbie

Hi all,
is there a way to deny different users from logging in to OpenVPN with a specific client certificate?
Because in my tests, I've generated a client cert that I can log in with using "user1-pass1" or "user2-pass2".
Thanks.


PostPosted: Wed Dec 05, 2012 4:48 pm 
Forum Team

Hi there,

If you use certificates, yes, you can block a client in a number of ways...

Please post your configs and I will help you out.

Michael.

_________________
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)
Mitsubishi Evo IX Rules! (HKS EVC-S ,HKS TBE,HKS suction kit ,HKS Type R IC,Walbro 255 ,HKS 272/278, Motec m800OEM)

Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)


PostPosted: Fri Dec 07, 2012 1:48 pm 
OpenVpn Newbie

This is my /etc/openvpn/server.conf:

local 10.1.1.2 #- your_server_ip goes here
port 1194 #- port
proto udp #- protocol
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
#client-cert-not-required
username-as-common-name
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
client-to-client
keepalive 5 30
comp-lzo
persist-key
persist-tun
status /var/log/openvpn/openvpn.log
log /var/log/openvpn/openvpn.log
log-append /var/log/openvpn/openvpn.log
verb 3


PostPosted: Fri Dec 07, 2012 7:56 pm 
Forum Team

Hi there,

To lock out a client, you can do it by:

a) creating a CRL and revoking his cert

or, by using ccd files, you can:

b) add the disable directive inside his ccd file

-or-

c) use the ccd-exclusive directive inside the server config and make sure
that there isn't a ccd file for this client

b and c can easily be undone; with a you must issue a new cert

Michael.

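Options b and c from the answer above, as an added shell example that is not part of the original thread: it toggles the disable line in a client's ccd file, removes the file for use with ccd-exclusive, and predicts whether the ccd rules admit a client. The directory /etc/openvpn/ccd and all function names are assumptions; the posted server.conf has no client-config-dir line, so one pointing at that directory would have to be added.

```shell
#!/bin/sh
# Added example, not from the thread. CCD_DIR is an assumed path and must be
# the directory named by "client-config-dir" in server.conf. NAME is the
# common name the server looks up; with "username-as-common-name" (present
# in the config posted above) that is the authenticated username.
CCD_DIR="${CCD_DIR:-/etc/openvpn/ccd}"

# Reject names that are empty, hidden, or could escape CCD_DIR.
valid_name() {
    case "$1" in
        ''|*/*|.*) return 1 ;;
        *) return 0 ;;
    esac
}

# Option b: add "disable" to the client's ccd file (idempotent).
ccd_disable() {
    valid_name "$1" || return 2
    mkdir -p "$CCD_DIR" || return 1
    grep -qx 'disable' "$CCD_DIR/$1" 2>/dev/null && return 0
    echo 'disable' >> "$CCD_DIR/$1"
}

# Undo option b: drop the "disable" line, keep every other directive.
ccd_enable() {
    valid_name "$1" || return 2
    [ -f "$CCD_DIR/$1" ] || return 0
    sed '/^disable$/d' "$CCD_DIR/$1" > "$CCD_DIR/.$1.tmp" &&
        mv "$CCD_DIR/.$1.tmp" "$CCD_DIR/$1"
}

# Option c: with "ccd-exclusive" set, removing the file locks the client out.
ccd_remove() {
    valid_name "$1" || return 2
    rm -f "$CCD_DIR/$1"
}

# Predict the outcome for NAME. $2 is "exclusive" when server.conf contains
# "ccd-exclusive". Returns 0 if the ccd rules let the client connect.
ccd_allows() {
    valid_name "$1" || return 2
    if [ -f "$CCD_DIR/$1" ]; then
        ! grep -qx 'disable' "$CCD_DIR/$1"
    else
        [ "$2" != "exclusive" ]
    fi
}
```

Option a is handled separately through the crl-verify directive in server.conf and is not covered by this script.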
 