multiple instance, differents certificate ?

How to customize and extend your OpenVPN installation.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
kirua
OpenVpn Newbie
Posts: 1
Joined: Wed Jun 22, 2016 7:49 am

multiple instance, differents certificate ?

Post by kirua » Wed Jun 22, 2016 7:58 am

hello,
i try to build different instance of ovpn but with different certificate. I explain myself: by default if i have a certificate it is a certificate for any instance of openvpn so a user can use any instance just by modifying client.conf. so if i want to secure each network i have to use 1 machine per network.
so my question is: it is possible to configure openvpn to accept a certificate on only one instance ?

thanks to anyone who have an idea on this.

stevenwilliams
OpenVpn Newbie
Posts: 9
Joined: Mon Aug 08, 2016 6:35 am

Re: multiple instance, differents certificate ?

Post by stevenwilliams » Wed Aug 10, 2016 11:16 am

Certificate authority file (ca) can contain multiple certificates. There is option (capath) that specifies different certificate files. Try to use these on the server pointing to all the ca certificates you want to modify.

GlennSam
OpenVpn Newbie
Posts: 10
Joined: Tue Aug 09, 2016 11:36 am

Re: multiple instance, differents certificate ?

Post by GlennSam » Wed Aug 24, 2016 7:13 am

I understand that you want to set up new OpenVPN connection in your network with different settings, isn't it? You can use OpenVPN configuration to set its daemon to accept multiple clients with the same certificate. It may be accepted in small network, but you'll lose some security points.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: multiple instance, differents certificate ?

Post by TinCanTech » Wed Aug 24, 2016 10:47 am

kirua wrote:i try to build different instance of ovpn but with different certificate.
<s>
so my question is: it is possible to configure openvpn to accept a certificate on only one instance ?
To accept only one certificate on your new server use either
  • a new PKI with only one client certificate or
  • a --client-connect script to verify only one client from your existing client pool.

Post Reply