OpenVPN Client Windows
-
Hi all,
I'm in a lab environment for now, using the export utility i'm installing the windows client (X64) setup as certificate and ldap auth.
Just want to ask how secure the install is for example could a malicious user extract the config and keys from the PC and install on another?
In the programfiles\openvpn folder the config and keyboard are there to be read in plain text.Are my concerns founded?
Thanks
-
You do need to have that .ovpn configuration file secured, depending on your configuration, there could be user keys in there.
However, you should also be authenticating your users via LDAP/RADIUS, as well as MFA. So if you have that, even if someone grabs those keys and transfers them to another computer, they would still need the password, as well as the 2 factor to go in.
-
-
@alanbaker The same way you would secure access to the computer/file system.
There is no way to actually secure an ovpn file, however, you can secure everything else before reaching the file like shared folders, user accounts, MFA, proper USB policies, antivirus software, etc.
If you're already using LDAP with SSL Certificates, from the network perspective, you should be good.