Hello,
I am trying to build different instances of ovpn, but with different certificates. Let me explain: by default, if I have a certificate, it is a certificate for any instance of openvpn, so a user can use any instance just by modifying client.conf. So if I want to secure each network, I have to use 1 machine per network.
So my question is: is it possible to configure openvpn to accept a certificate on only one instance?
Thanks to anyone who has an idea on this.
multiple instance, differents certificate ?
Moderators: TinCanTech
- OpenVpn Newbie
- Posts: 1
- Joined: Wed Jun 22, 2016 7:49 am
- OpenVpn Newbie
- Posts: 9
- Joined: Mon Aug 08, 2016 6:35 am
Re: multiple instance, differents certificate ?
The certificate authority file (ca) can contain multiple certificates. There is an option (capath) that specifies different certificate files. Try to use these on the server, pointing to all the ca certificates you want to modify.
- OpenVpn Newbie
- Posts: 10
- Joined: Tue Aug 09, 2016 11:36 am
Re: multiple instance, differents certificate ?
I understand that you want to set up a new OpenVPN connection in your network with different settings, is that right? You can use the OpenVPN configuration to set its daemon to accept multiple clients with the same certificate. It may be acceptable in a small network, but you'll lose some security points.
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: multiple instance, differents certificate ?
kirua wrote:
> I am trying to build different instances of ovpn, but with different certificates.
> So my question is: is it possible to configure openvpn to accept a certificate on only one instance?

To accept only one certificate on your new server use either
- a new PKI with only one client certificate or
- a --client-connect script to verify only one client from your existing client pool.
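
The second option from the last reply, sketched as an added example (not code from the thread or from the OpenVPN project): a `--client-connect` hook that admits only the Common Names listed in a per-instance allowlist. The script name, the allowlist paths and the `cn_allowed` helper are assumptions made for illustration; `common_name`, `script_type` and the non-zero-exit rejection are standard OpenVPN hook behaviour.

```shell
#!/bin/sh
# Added example: per-instance client allowlist for OpenVPN --client-connect.
# Hypothetical server config lines for one instance (paths are assumptions):
#   script-security 2
#   client-connect "/etc/openvpn/allow-cn.sh /etc/openvpn/net-a.allow"
# OpenVPN exports the certificate's Common Name as $common_name, sets
# $script_type to "client-connect", and appends a temp-file path as the
# last argument. A non-zero exit status rejects the client.

# cn_allowed CN ALLOWFILE -> 0 if CN is listed (one per line), else 1
cn_allowed() {
    cn=$1
    allowfile=$2
    # Fail closed: an empty CN or an unreadable list means reject.
    [ -n "$cn" ] || return 1
    [ -r "$allowfile" ] || return 1
    # Strip comments and blank lines, then require an exact, whole-line,
    # fixed-string match so "alice" does not admit "alice2" or a regex.
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$allowfile" \
        | grep -q -x -F -- "$cn"
}

# Run only when OpenVPN invokes the script as a client-connect hook.
if [ "${script_type:-}" = "client-connect" ]; then
    if cn_allowed "${common_name:-}" "${1:-}"; then
        exit 0
    fi
    echo "client-connect: rejecting CN '${common_name:-}'" >&2
    exit 1
fi
```

Each instance points the same script at its own allowlist file, so a certificate from the shared PKI is accepted only by the instance whose list names it.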