Allow OpenVPN client connection from just one exact device?

[PepeOnAChair]

Hello,

In other words, I need to set OpenVPN client up such a way, that user will be able to use his keys on the PC which he is only supposed to. Our employees has company notebooks. The goal is, that OpenVPN client will not be able to use our company OpenVPN server, if employee simply install OpenVPN client to his lets say home PC and copy keys there.
Is there any unique ID, which could be sent everytime OpenVPN client connects? Like ID of the instalation of OpenVPNclient / ID of harddisk / ID of operating system ... ? So I will be able to decide on the server side, if I allow user login or not in or not.

I was thinking about installing OpenVPN client into a virtual machine (most likely OpenWRT in VirtualBOX) which employee would have to run to connect to OpenVPN, but again, how could VM know, inside of which host OS it wakes up?

Thank you in advance.
Pepe

[maikcat]

you can also install clients crt to windows store and configure openvpn to use it,
also you can prevent users from extracting the key from the store.

Michael.

[PepeOnAChair]

Thank you for a tip.
So far I thought that Windows store is just Microsoft cloud environment for buying software.
Could you send me some URL links, where I can read more about this, please?
Thanks
Pepe

[maikcat]

sorry for the confusion but i ment windows cryptoapi store....

openvpn directive used is cryptoapicert.

Michael.