Auth and no Auth on same config

Posted: Thu Mar 03, 2011 4:16 pm
by nicolasg
Hi,

In the current OpenVPN installation I have clients that connect to OpenVPN and authenticate through LDAP username and password. In addition, I have also set up other servers as clients that authenticate only with their VPN keys (no username or password required).

For this I have created two different configuration files in the /etc/openvpn/ directory that use different ports.

I was wondering if it's possible to achieve the same using only one configuration file and one port? Does anyone know if it's possible and how to do that?

Regards,
Nicolas.

Re: Auth and no Auth on same config

Posted: Thu Mar 03, 2011 6:27 pm
by greg
Maybe you can run another openvpn daemon without auth option?

Re: Auth and no Auth on same config

Posted: Thu Mar 03, 2011 6:39 pm
by nicolasg
As far as I know daemons cannot share the same port.

Re: Auth and no Auth on same config

Posted: Fri Mar 04, 2011 9:49 am
by janjust
On the server you can use

Code:

client-cert-not-required
auth-user-pass-optional

The first tells openvpn that a user does not need a client cert; the second tells openvpn that a username/password is optional. You'd have to sort out the case where neither is specified, but that can be done using a 'client-connect' script.

Re: Auth and no Auth on same config

Posted: Fri Mar 04, 2011 11:08 am
by nicolasg
Hi janjust,

Thank you for your reply. The situation is that I have some servers that must be connected to the VPN all the time and also some users that must be able to connect occasionally.

For the servers I don't expect them to use any additional authentication other than their certificate files, but for the users I want to force them to authenticate through LDAP -> Windows NT.

I have managed to achieve both but on different configuration files. Regarding your reply, I don't think "client-cert-not-required" will be useful (the default is "cert-required"?), but how can I be sure that the servers will authenticate only with the certificate files and users will authenticate by both certificates and LDAP?

Regards,
Nicolas.

Re: Auth and no Auth on same config

Posted: Fri Mar 04, 2011 11:19 am
by janjust
Either use 2 separate openvpn instances, one with certificates for the servers, one with username+passwords (optionally + client-cert-not-required), or use a single instance for both (as I said before).
You can then use a 'client-connect' script to sort out the certificate-based logins from the username/password logins.
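
An added example (not code from any poster in this thread) of the kind of 'client-connect' script described above, for a single instance where client certificates stay mandatory and `auth-user-pass-optional` is set: machine certificates on an allowlist may connect without a username, every other certificate must arrive with one. The `SERVER_CNS` list, its host names and the `classify_client` function are hypothetical; the script assumes `username-as-common-name` is not set and that the authentication backend lets empty credentials through, so this script is what makes the decision.

```shell
#!/bin/sh
# client-connect policy for one OpenVPN instance serving both servers and users.
# Assumptions: client-cert-not-required is NOT set (every peer has a certificate),
# username-as-common-name is NOT set, and "username" is only non-empty when the
# client submitted credentials that the auth backend accepted.

# Constructed sample allowlist of server certificate CNs, one per line.
SERVER_CNS="${SERVER_CNS:-backup01.example.net
db01.example.net}"

# classify_client CN USERNAME -> prints "server", "user" or "reject"
classify_client() {
    cn=$1
    user=$2
    # No certificate CN at all: never acceptable under this policy.
    if [ -z "$cn" ]; then
        echo reject
        return
    fi
    # Fixed-string, whole-line match so "db01" does not match "db01.example.net".
    if printf '%s\n' "$SERVER_CNS" | grep -Fxq -- "$cn"; then
        echo server
        return
    fi
    # Any other certificate belongs to a person and needs a username.
    if [ -n "$user" ]; then
        echo user
    else
        echo reject
    fi
}

# OpenVPN sets script_type and common_name in the script environment.
if [ "${script_type:-}" = "client-connect" ]; then
    verdict=$(classify_client "${common_name:-}" "${username:-}")
    logger -t openvpn-policy "cn=${common_name:-} user=${username:-} verdict=$verdict"
    # A non-zero exit status makes the server refuse the connection.
    [ "$verdict" != "reject" ] || exit 1
    exit 0
fi
```

The "reject" branch is the case where a user certificate shows up with neither an allowlisted CN nor a username; without it, `auth-user-pass-optional` would let any valid certificate in without LDAP.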