Hi,
In the current OpenVPN installation I have clients that connect to OpenVPN and authenticate through LDAP username and password. In addition, I have also set up other servers as clients that authenticate only with their VPN keys (no username or password required).
For this I have created two different configuration files in the /etc/openvpn/ directory that use different ports.
I was wondering if it's possible to achieve the same using only one configuration file and one port? Does anyone know if it's possible and how to do that?
Regards,
Nicolas.
Auth and no Auth on same config
-
- OpenVpn Newbie
- Posts: 19
- Joined: Thu Mar 03, 2011 4:07 pm
-
- OpenVPN User
- Posts: 27
- Joined: Mon Feb 28, 2011 1:46 pm
Re: Auth and no Auth on same config
Maybe you can run another openvpn daemon without auth option?
-
- OpenVpn Newbie
- Posts: 19
- Joined: Thu Mar 03, 2011 4:07 pm
Re: Auth and no Auth on same config
As far as I know daemons cannot share the same port.
- janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
- Contact:
Re: Auth and no Auth on same config
on the server you can use
    client-cert-not-required
    auth-user-pass-optional
the first tells openvpn that a user does not need a client cert; the second tells openvpn that a username/password is optional. You'd have to sort out the case where neither is specified, but that can be done using a 'client-connect' script.
-
- OpenVpn Newbie
- Posts: 19
- Joined: Thu Mar 03, 2011 4:07 pm
Re: Auth and no Auth on same config
Hi janjust,
Thank you for your reply. The situation is that I have some servers that must be connected to the VPN all the time and also some users that must be able to connect occasionally.
For the servers I don't expect them to use any additional authentication other than their certificate files, but for the users I want to force them to authenticate through LDAP -> Windows NT.
I have managed to achieve both but in different configuration files. Regarding your reply, I don't think "client-cert-not-required" will be useful (the default is "cert-required"?), but how can I be sure that the servers will authenticate only with the certificate files and users will authenticate by both certificates and LDAP?
Regards,
Nicolas.
- janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
- Contact:
Re: Auth and no Auth on same config
Either use 2 separate openvpn instances, one with certificates for the servers, one with username+passwords (optionally +client-cert-not-required), or use a single instance for both (as I said before).
You can then use a 'client-connect' script to sort out the certificate-based logins from the username/password logins.
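One way to write the 'client-connect' check discussed in this thread, as an added example that is not from the thread or the OpenVPN project: it enforces the policy Nicolas describes (servers by certificate only, users by certificate plus username/password) and rejects logins that present no certificate. The allowlist `SERVER_CNS` and the function names are hypothetical; it assumes OpenVPN's `common_name`, `username` and `script_type` script environment variables, and that any non-empty username has already been verified by the authentication module before this hook runs.

```shell
#!/bin/sh
# client-connect policy check (added example; all names here are constructed).

# Hypothetical allowlist: certificate common names that belong to servers.
SERVER_CNS="srv-backup-01 srv-db-01"

# is_server_cn CN -> returns 0 only on an exact match with an allowlist entry.
is_server_cn() {
    for entry in $SERVER_CNS; do
        if [ "$entry" = "$1" ]; then
            return 0
        fi
    done
    return 1
}

# decide_login CN USERNAME -> prints the decision; returns 0 = accept, 1 = deny.
decide_login() {
    login_cn=$1
    login_user=$2
    if [ -z "$login_cn" ]; then
        # No verified certificate: covers "neither specified" and password-only.
        echo "deny: no client certificate"
        return 1
    fi
    if is_server_cn "$login_cn"; then
        # Servers are accepted on their certificate alone.
        echo "allow: server certificate $login_cn"
        return 0
    fi
    if [ -z "$login_user" ]; then
        # With auth-user-pass-optional a user could skip the password prompt;
        # any certificate that is not a server's must come with a username.
        echo "deny: user certificate $login_cn without username/password"
        return 1
    fi
    echo "allow: user $login_user with certificate $login_cn"
    return 0
}

# OpenVPN sets script_type when it runs a hook; a non-zero exit rejects the client.
if [ "${script_type:-}" = "client-connect" ]; then
    decide_login "${common_name:-}" "${username:-}"
    exit $?
fi
```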