OpenVPN (SSL/TLS + User Auth.) strange login behavior
-
Thanks for the information.
Do you think to change that in the near future?
I made some other tests. I was able to log in with a certificate of a deleted user and the credentials of an existing user. I think this could be a security issue?Thank you!
-
We don't yet have a CRL GUI (I'm working on that right now) - once we do, it will revoke certificates of deleted users and prevent them from getting in.
I opened a ticket to add the more strict auth setting as an option: http://redmine.pfsense.org/issues/887
Not sure when it will go in, but it shouldn't take too long.
-
great! You do a fantastic work!! 8)
-
Very eager to see this feature implemented!! We would definitely make heavy use of it.
-
Just checking in on this feature, I'm chomping at the bit for it… ;)
Possible ETA of implementation?
-
No ETA, just that it will happen before 2.0.
If a commercial support subscriber were to request it be done with some of their support time, or if a suitable bounty was offered, it might speed things up, but as-is it will happen when time allows. Updates will happen on the ticket when any progress is made.
-
Fair enough! Thanks again.
-
I just checked in the last bits of code to do this in the GUI. The next snapshot should include this option.
When you are in SSL/TLS+User Auth mode, a checkbox will show up to enable the strict username/cn matching.
-
Yep, I just updated and checked this, works like a charm. Thanks a million!
-
Great!!! ;D thank you so much…
