Hi All,
Can the openvpn server be configured so that it will allow connections from clients only if the clients have both a valid username/password and a valid certificate?
I am looking for something which is equivalent to ssh logins with a password-protected private key, where the ssh server does not allow password-only logins.
Thanks,
Shai
Authenticating clients with certificates & username password
-
- OpenVpn Newbie
- Posts: 2
- Joined: Sat Oct 30, 2010 8:11 am
- krzee
- Forum Team
- Posts: 728
- Joined: Fri Aug 29, 2008 5:42 pm
Re: Authenticating clients with certificates & username passw
[01:04] <krzee> !authpass
[01:04] <vpnHelper> krzee: "authpass" is (#1) please see --auth-user-pass-verify in the manual to learn how to force clients to use passwords in addition to certs, or (#2) or to ONLY use passwords (no certs, highly NOT recommended) also use --client-cert-not-required, or (#3) and if you want the login name to be used as the common-name for things like ccd entries, use --username-as-common-name
I'm lazy so I used my IRC bot to answer; let me know if that helped.

-
- OpenVpn Newbie
- Posts: 2
- Joined: Sat Oct 30, 2010 8:11 am
Re: Authenticating clients with certificates & username passw
Maybe I didn't understand OpenVPN at all ...
If I don't use the --client-cert-not-required switch, the server will require a client certificate?
Does this mean that if I guess a correct username/password (i.e. admin/admin) I cannot connect to the server because I am missing a certificate?
Shai
- krzee
- Forum Team
- Posts: 728
- Joined: Fri Aug 29, 2008 5:42 pm
Re: Authenticating clients with certificates & username passw
shaia wrote: If I don't use the --client-cert-not-required switch, the server will require a client certificate?
If you use this option, the server will NOT require the client certificate.
shaia wrote: Does this mean that if I guess a correct username/password (i.e. admin/admin) I cannot connect to the server because I am missing a certificate?
If you do not use the above option, that would be true (and more secure).
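
An added example (not from the thread or from the OpenVPN project): a verify script for the --auth-user-pass-verify option the bot points to, run in via-file mode on a server that leaves --client-cert-not-required unset, so a client needs both a valid certificate and a valid password. It goes one step beyond the thread by also requiring the login name to equal the certificate's common name; the script path, the user store and the sample credentials are constructed assumptions.

```python
#!/usr/bin/env python3
# Added example: verify script for --auth-user-pass-verify in via-file mode.
# Server side (assumed path); --client-cert-not-required is left out, so the
# TLS handshake still demands a valid client certificate:
#   script-security 2
#   auth-user-pass-verify /etc/openvpn/verify.py via-file
import hashlib
import hmac
import os
import sys

def pbkdf2(password, salt, rounds=200_000):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)

# Constructed sample store: username -> (salt, hash). Assumption: a real
# deployment loads this from a root-only file instead of the script itself.
USERS = {"alice": (b"constructed-salt", pbkdf2("correct horse", b"constructed-salt"))}

def read_credentials(path):
    """via-file: OpenVPN writes the username on line 1, the password on line 2."""
    with open(path, encoding="utf-8") as fh:
        lines = fh.read().split("\n")
    if len(lines) < 2 or not lines[0] or not lines[1]:
        raise ValueError("malformed credentials file")
    return lines[0], lines[1]

def verify(username, password, common_name, users=USERS):
    """True only if the password is right AND the login matches the cert CN."""
    salt, expected = users.get(username, (b"unknown-user-salt", b""))
    # Hash even for unknown users so both cases take about the same time.
    password_ok = hmac.compare_digest(pbkdf2(password, salt), expected)
    # Extra check beyond the thread: bind the login to the certificate used.
    cn_ok = hmac.compare_digest(username.encode(), (common_name or "").encode())
    return password_ok and cn_ok

def main(argv, env):
    if len(argv) != 2:
        return 1
    try:
        user, pw = read_credentials(argv[1])
    except (OSError, ValueError):
        return 1
    # OpenVPN exports the verified certificate's common name as `common_name`.
    return 0 if verify(user, pw, env.get("common_name")) else 1  # 0 accepts

if __name__ == "__main__":
    sys.exit(main(sys.argv, os.environ))
```

With this in place, a guessed admin/admin login is rejected twice over: the connection never reaches the script without a certificate signed by the server's CA, and the script refuses any login whose name differs from that certificate's common name.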