1 Key for 1 user

Need help configuring your VPN? Just post here and you'll get that help.

Moderators: TinCanTech

teclesoft
OpenVpn Newbie
Posts: 5
Joined: Thu Sep 09, 2021 4:17 pm

1 Key for 1 user

Post by teclesoft » Wed Sep 15, 2021 3:13 pm

We use the VPN with a digital certificate plus username/password authentication, and it works normally, but I noticed that a user who has a valid certificate can log in with any user/password existing in Linux. That is, if an employee knows the username and password of another, he can use them to connect to the VPN normally. How can I tie a certificate to ONLY 1 Linux user, so that a key pair is only valid for THAT user?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: 1 Key for 1 user

Post by TinCanTech » Wed Sep 15, 2021 4:00 pm

teclesoft wrote:
Wed Sep 15, 2021 3:13 pm
I noticed that a user who has a valid certificate can log in with any user/password existing in Linux. That is, if an employee knows the username and password of another, he can use them to connect to the VPN normally,
Indeed.
teclesoft wrote:
Wed Sep 15, 2021 3:13 pm
How can I tie a certificate to ONLY 1 Linux user?
You can try with a server-side authentication script ..

But what happens when your users share complete configs without permission ... ?

teclesoft
OpenVpn Newbie
Posts: 5
Joined: Thu Sep 09, 2021 4:17 pm

Re: 1 Key for 1 user

Post by teclesoft » Wed Sep 15, 2021 4:17 pm

The Linux user is only used to authenticate on the VPN; after the VPN is connected, each user logs in to TS on their own company terminal using their AD username and password. I just wanted to try to prevent the tunnel from being opened in case this data is "shared".

About the script: I read about it this morning, but I don't know the complexity or implementation time, and before any attempt I decided to ask here, because there could be some parameter in server.conf that would save me time.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: 1 Key for 1 user

Post by TinCanTech » Wed Sep 15, 2021 4:46 pm

Openvpn has script hooks for you to meet your external requirements.

If you really want to piss your users off then you can make openvpn only allow one login by each username at a time.
Use --username-as-common-name

But before you do, I strongly advise that you read about it and test it first.

The problem you are trying to tackle is a well known management level decision that you have to call,
in what-ever way works for you.

And, as this is clearly for work, if you need professional assistance then you can contact me:
tincantech at protonmail dot com (Fees will apply)
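The server-side authentication script suggested earlier in the thread, written out as an added example (this is not code from the thread or from the OpenVPN project). It binds each client certificate to exactly one username by refusing any login where the certificate's CN and the supplied username differ. It assumes `server.conf` carries `script-security 2`, `auth-user-pass-verify /etc/openvpn/bind-cn-to-user.sh via-file`, and that the password itself is still checked by the PAM plugin (`openvpn-plugin-auth-pam.so`), so this script never looks at the password. OpenVPN exports the verified certificate's common name as `$common_name` and, in `via-file` mode, passes a temporary file whose first line is the username. The optional bindings file path `/etc/openvpn/cn-bindings` and its "cn username" line format are assumptions for the example.

```sh
#!/bin/sh
# Added example: OpenVPN auth-user-pass-verify hook that ties a client
# certificate to one username. Assumed server.conf lines:
#   script-security 2
#   auth-user-pass-verify /etc/openvpn/bind-cn-to-user.sh via-file
#   plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so login
# OpenVPN sets $common_name (the verified cert CN) and, with via-file,
# passes a temp file as $1 whose first line is the username.

# Exact-match rule: the CN must equal the username; empty values are refused.
cn_matches_user() {
    cn="$1"
    user="$2"
    [ -n "$cn" ] && [ -n "$user" ] && [ "$cn" = "$user" ]
}

# Optional allow-list for the few cases where CN != username (for example a
# certificate issued to "alice-laptop" for Linux user "alice").
# One "cn username" pair per line. Path and format are assumptions.
BINDINGS_FILE="${BINDINGS_FILE:-/etc/openvpn/cn-bindings}"

# Returns 0 when the pair is allowed, by exact match or by the bindings file.
cn_allowed_for_user() {
    cn="$1"
    user="$2"
    if cn_matches_user "$cn" "$user"; then
        return 0
    fi
    [ -r "$BINDINGS_FILE" ] || return 1
    # -x -F: the whole line must equal the literal string, so "alice" does not
    # match "alice2" and regex metacharacters in a CN cannot widen the match.
    grep -q -x -F -- "$cn $user" "$BINDINGS_FILE"
}

# Entry point when OpenVPN runs the script: only OpenVPN sets $common_name.
if [ -n "${common_name:-}" ]; then
    # via-file: line 1 = username, line 2 = password (left to the PAM plugin).
    IFS= read -r username < "$1"
    if cn_allowed_for_user "$common_name" "$username"; then
        exit 0
    fi
    # Non-zero exit makes OpenVPN reject the client with AUTH_FAILED.
    echo "cert CN '$common_name' may not log in as '$username'" >&2
    exit 1
fi
```

With this in place, a stolen username/password only works together with that user's own certificate, which is the binding the question asks for. It does not stop a user from handing over the whole config (certificate, key and password), which is the point the reply above makes; `--username-as-common-name` is a separate control that limits each username to one concurrent session (the default refusal of duplicate common names then applies per username rather than per certificate), and both should be tested on a non-production server first.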

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: 1 Key for 1 user

Post by TinCanTech » Wed Sep 15, 2021 8:06 pm

You may also find this useful:
https://github.com/TinCanTech/easy-tls
