Just one arch .ovpn for all clientes.

Post Reply
geneilson
OpenVpn Newbie
Posts: 3
Joined: Tue Aug 27, 2019 7:54 pm

Just one arch .ovpn for all clientes.

Post by geneilson » Tue Aug 27, 2019 7:59 pm

Can I create a single .ovpn file for all registered clients to connect using the PAM method?
Just need them enter user and password.

Settlements.
Thanks.

novaflash
I should be on the dev team.
Posts: 978
Joined: Fri Apr 13, 2012 8:43 pm

Re: Just one arch .ovpn for all clientes.

Post by novaflash » Tue Aug 27, 2019 8:15 pm

Sure. Just create one user account. Go to Advanced VPN and make sure multiple concurrent connections is enabled. Then you can use that same .ovpn file and username and password for all VPN connections. Of course this does lower your security. Consider what happens when this ever leaks out? You would have to reset password and this would affect all users. And the client private key, if that leaks, you should consider revoking it and getting a new one. That means getting a new .ovpn file for everyone. So, yes, possible. Wise? Not so much. But it's your choice.

geneilson
OpenVpn Newbie
Posts: 3
Joined: Tue Aug 27, 2019 7:54 pm

Re: Just one arch .ovpn for all clientes.

Post by geneilson » Tue Aug 27, 2019 8:58 pm

novaflash wrote:
Tue Aug 27, 2019 8:15 pm
Sure. Just create one user account. Go to Advanced VPN and make sure multiple concurrent connections is enabled. Then you can use that same .ovpn file and username and password for all VPN connections. Of course this does lower your security. Consider what happens when this ever leaks out? You would have to reset password and this would affect all users. And the client private key, if that leaks, you should consider revoking it and getting a new one. That means getting a new .ovpn file for everyone. So, yes, possible. Wise? Not so much. But it's your choice.
Thanks for the answer.
But my intention is not to give the same login and password to all clients but to use their login and password but they use the same .ovpn file.

novaflash
I should be on the dev team.
Posts: 978
Joined: Fri Apr 13, 2012 8:43 pm

Re: Just one arch .ovpn for all clientes.

Post by novaflash » Tue Aug 27, 2019 9:33 pm

You're describing what happens by default. By default you get an OpenVPN connect client installer with a server-locked profile. It is valid for all valid users on the Access Server. Each user still gets his own certificate, but it just gets dynamically retrieved from the Access Server by entering user name and password.

See this page for an explanation of connection profiles and the three types; server-locked, user-locked, and auto-login.
https://openvpn.net/vpn-server-resource ... nstallers/

geneilson
OpenVpn Newbie
Posts: 3
Joined: Tue Aug 27, 2019 7:54 pm

Re: Just one arch .ovpn for all clientes.

Post by geneilson » Tue Aug 27, 2019 10:00 pm

Thanks for the answer.

By default each user needs a unique .ovpn file for him.
I need a master .ovpn file where with the same .ovpn file they can connect using their proper users and passwords.
Thanks.

novaflash
I should be on the dev team.
Posts: 978
Joined: Fri Apr 13, 2012 8:43 pm

Re: Just one arch .ovpn for all clientes.

Post by novaflash » Wed Aug 28, 2019 6:51 am

That is truly a terrible idea. We did not implement that sort of function into Access Server. The closest you can get is the server-locked profile and that is a reasonably safe method. Perhaps the closest you can get with Access Server that meets your very strange demand is the function where client certificates are disabled, which lowers security significantly. We do not recommend this. Please reconsider.

https://openvpn.net/vpn-server-resource ... rtificates

We do not recommend this and urge you to reconsider using a normal and secure method where client certificates are kept intact and unique per user. But it's your choice. I don't think I can help you further on this line of thought anymore.

Post Reply