Client-to-client option and renew certificate.

Post by Atara » Tue Apr 13, 2021 7:05 am

Good morning,

I am starting a server, and I have several doubts.
1. If I want there to be no communication between the clients, is it enough to not set client-to-client? Is there any way that an IP (administrator) can communicate?
2. The maximum validity of the certificate is 10 years, if I am not mistaken. After those 10 years, can I renew it without having to access all the clients?

Thank you very much for the help!

Greetings!

Post by 300000 » Tue Apr 13, 2021 2:08 pm

You can use iptables to make it work as you like.

You can use XCA to create a certificate whose validity can be set to over 100 years, so you don't need to renew the certificate any more.

Easy-RSA helps you for the first 10 years, and at the end of those 10 years you must connect to all clients and replace the certificate with a new one, which lands you in big trouble. How can you replace a remote client?

As far as certificates are concerned, you can go to the sub-forum and learn how it is when a certificate expires.
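
One way to apply the iptables suggestion to the original question, as an added example that is not part of any forum post: without client-to-client in the server config, packets between clients pass through the server's kernel FORWARD chain, where they can be filtered. The interface tun0 and the admin address 10.8.0.2 are assumptions, and the admin client needs a fixed VPN address for the source match to be meaningful.

```shell
#!/bin/sh
# Added example: prints FORWARD rules that isolate VPN clients from each other
# while one admin address can still reach them. Nothing is applied by this script.

# valid_ipv4 ADDR: succeed only for a dotted quad with each octet in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# isolation_rules DEV ADMIN_IP: print the rules in the order they must be evaluated.
isolation_rules() {
    dev=$1
    admin=$2
    # Refuse anything that is not a plain interface name, so the printed
    # commands cannot carry extra options or shell syntax.
    case "$dev" in
        ''|-*|*[!A-Za-z0-9_.-]*) echo "bad interface: $dev" >&2; return 2 ;;
    esac
    valid_ipv4 "$admin" || { echo "bad admin address: $admin" >&2; return 2; }
    # 1. Replies to connections that were already allowed may flow back.
    echo "iptables -A FORWARD -i $dev -o $dev -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # 2. The admin address may open new connections to any client.
    echo "iptables -A FORWARD -i $dev -o $dev -s $admin -j ACCEPT"
    # 3. All other traffic entering and leaving via the VPN interface is dropped.
    echo "iptables -A FORWARD -i $dev -o $dev -j DROP"
}

# Constructed sample values (assumptions): review the output, then run it as root.
isolation_rules tun0 10.8.0.2
```

These rules only take effect while client-to-client stays out of the server config, because with that option OpenVPN forwards client traffic internally and the kernel never sees it.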

Post by Atara » Tue Apr 20, 2021 7:34 am

Thank you very much for the answer. I am going to read about the certificates and iptables.

Thanks
