Prevent user installing OpenVPN
-
Hi,
Currently we're using OpenVPN connection with ldap login. Each user is having a static IP to restrict filter VPN usage by user/service.But, to improve security, I would like to prevent my users to install OpenVPN on device that I didn't approved. How can I do that ? After hours or searching, I didn't found any way to filter "non approved" device.
My goal is to only allow OpenVPN connection through our devices. We do not want user to setup there VPN client on their own device.
Thank you !
-
There wouldn't be a way to tell if a user is connecting from an approved device as long as they use the same settings. If they take the OpenVPN config+files and copy that to something else, it looks the same to the server.
The settings and authentication they use have to be valid, of course, they can't just make up whatever they want to connect to your server.
-
Look also at https://forums.openvpn.net/viewtopic.php?t=24703
It boils down to : if you can't trust the humans that operate your devices ....