authentication via cert

How to customize and extend your OpenVPN installation.
Post Reply
zouminski9
OpenVpn Newbie
Posts: 1
Joined: Fri Aug 19, 2011 2:28 pm

authentication via cert

Post by zouminski9 » Fri Aug 19, 2011 2:44 pm

Hello,

i set an OpenVPn server on linux. I create some client. When i create server, i fill these informations on subject :
C, O, OU, CN.

I if i well understand ma y installation, all clients,who got certs created by an unique and same Ca(than server) CA succeed connecting to the VPN server ?

Is it possible to filter clients who are created by the same CA but with differents OU (organisation unit ) for example ?
How can i do that ?

Sorry for my english.

george
Forum Team
Posts: 117
Joined: Tue Jun 09, 2009 4:25 pm
Location: St. Louis, MO USA

Re: authentication via cert

Post by george » Fri Aug 19, 2011 3:02 pm

Is it possible to filter clients who are created by the same CA but with differents OU (organisation unit ) for example ?
How can i do that ?
If by filter, you mean give restrict them to an IP address and/or restrict thier access, then yes you can.

User avatar
janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam
Contact:

Re: authentication via cert

Post by janjust » Sat Aug 20, 2011 8:50 pm

you can restrict access for certain certificates using a 'tls-verify' script. Read the manual page for details. A sample 'tls-verify' script is, of course, also listed in my book :mrgreen:

Post Reply