Can a user change his password to open VPN or change the password even at the first connection?
-
Can a user change his password to open VPN or change the password even at the first connection?
And there’s also a question about password security policy! is there such a setting
PS Sorry for my English)) -
I found one pattern when downloading the config from the OpenVPNClient Export Utility firewall:
- Archie then you can change the password through the client
- When you download the finished installer, then you can’t change the password
-
maybe someone knows what this is connected with?
-
@rem1488 said in Can a user change his password to open VPN or change the password even at the first connection?:
then you can’t change the password
It's probably the user and password cached locally, so that every time the OpenVPN client rebuilds the connection, the user isn't asked for credentials (again).
"Change Password" will not change anything on the OpenVPN server side.Btw : Go for
and live becomes a bit easier.
-
@Gertjan said in Can a user change his password to open VPN or change the password even at the first connection?:
But this is not secure without authentication. Or am I misunderstood something?
-
You have a choice :
Give the user a login and password.Or this :
<cert> -----BEGIN CERTIFICATE----- MIIDTjCCAregAwIBAgIDKzZvMA0GCSqGSIb3DQEBCwUAMIGFMQswCQYDVQQGEwJV UzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMGA1UEChMM Rm9ydC1GdW5zdG9uMRgwFgYDVQQDEw9Gb3J0LUZ1bnN0b24gQ0ExITAfBgkqhkiG 9w0BCQEWEm1lQG15aG9zdC5teWRvbWFpbjAgFw0xNjExMDMwMzA2MThaGA8yMDY2 MTEwMzAzMDYxOFowgYoxCzAJBgNVBAYTAlZHMQwwCgYDVQQIDANCVkkxEzARBgNV BAoMCkV4cHJlc3NWUE4xEzARBgNVBAsMCkV4cHJlc3NWUE4xHDAaBgNVBAMME2V4 .... MB0GA1UdDgQWBBSkBM1TCX9kBgFsv2RmOzudMXa9njANBgkqhkiG9w0BAQsFAAOB gQA+2e4b+33zFmA+1ZQ46kWkfiB+fEeDyMwMLeYYyDS2d8mZhNZKdOw7dy4Ifz9V qzp4aKuQ6j61c6k1UaQQL0tskqWVzslSFvs9NZyUAJLLdGUc5TT2MiLwiXQwd4Uv H6bGeePdhvB4+ZbW7VMD7TE8hZhjhAL4F6yAP1EQvg3LDA== -----END CERTIFICATE----- </cert> <key> -----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEAqzmLfyjotrjAxnr96V4PI9UjuCf+BFVgxe7yXCq9o62Zag/8 7gBcdltWFr8Lpjzujyh+D1PettWjXYrpmlJL/0aZQn85558aqG4SbkxNqAPq0tWz qvvToR8BfY4DVzVZPl1+HdLaEk+bhhOmdznZjwbq/KOQJQn+/Dw0gMKRTsOR64C6 ..... zz7h++3D5C/v4b5UumTFcyg+3RGVclPKZcfOgDSGzzeSd/hTW46iUTOgeOUQzQVM kzPRXdoyYgVRQtgSpY5xR3O1vjAbahwx8LZ0SvQPMBhYSDbV/Isr+fBacWjl/Aip EEwxeQKBgQDdrAEnVlOFoCLw4sUjsPoxkLjhTAgI7CYk5NNxX67Rnj0tp+Y49+sG Uhl5sCGfMKkLShiON5P2oxZa+B0aPtQjsdnsFPa1uaZkK4c++SS6AetzYRpVDLmL p7/1CulE0z3O0sBekpwiuaqLJ9ZccC81g4+2j8j6c50rIAct3hxIxw== -----END RSA PRIVATE KEY----- </key>What looks more secure to you ?? ;)
-
ohooo man i love it
when live gets easier ...
;) @Gertjan -
@Gertjan said in Can a user change his password to open VPN or change the password even at the first connection?:
You have a choice :
Give the user a login and password.Or this :
<cert> -----BEGIN CERTIFICATE----- MIIDTjCCAregAwIBAgIDKzZvMA0GCSqGSIb3DQEBCwUAMIGFMQswCQYDVQQGEwJV UzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMGA1UEChMM Rm9ydC1GdW5zdG9uMRgwFgYDVQQDEw9Gb3J0LUZ1bnN0b24gQ0ExITAfBgkqhkiG 9w0BCQEWEm1lQG15aG9zdC5teWRvbWFpbjAgFw0xNjExMDMwMzA2MThaGA8yMDY2 MTEwMzAzMDYxOFowgYoxCzAJBgNVBAYTAlZHMQwwCgYDVQQIDANCVkkxEzARBgNV BAoMCkV4cHJlc3NWUE4xEzARBgNVBAsMCkV4cHJlc3NWUE4xHDAaBgNVBAMME2V4 .... MB0GA1UdDgQWBBSkBM1TCX9kBgFsv2RmOzudMXa9njANBgkqhkiG9w0BAQsFAAOB gQA+2e4b+33zFmA+1ZQ46kWkfiB+fEeDyMwMLeYYyDS2d8mZhNZKdOw7dy4Ifz9V qzp4aKuQ6j61c6k1UaQQL0tskqWVzslSFvs9NZyUAJLLdGUc5TT2MiLwiXQwd4Uv H6bGeePdhvB4+ZbW7VMD7TE8hZhjhAL4F6yAP1EQvg3LDA== -----END CERTIFICATE----- </cert> <key> -----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEAqzmLfyjotrjAxnr96V4PI9UjuCf+BFVgxe7yXCq9o62Zag/8 7gBcdltWFr8Lpjzujyh+D1PettWjXYrpmlJL/0aZQn85558aqG4SbkxNqAPq0tWz qvvToR8BfY4DVzVZPl1+HdLaEk+bhhOmdznZjwbq/KOQJQn+/Dw0gMKRTsOR64C6 ..... zz7h++3D5C/v4b5UumTFcyg+3RGVclPKZcfOgDSGzzeSd/hTW46iUTOgeOUQzQVM kzPRXdoyYgVRQtgSpY5xR3O1vjAbahwx8LZ0SvQPMBhYSDbV/Isr+fBacWjl/Aip EEwxeQKBgQDdrAEnVlOFoCLw4sUjsPoxkLjhTAgI7CYk5NNxX67Rnj0tp+Y49+sG Uhl5sCGfMKkLShiON5P2oxZa+B0aPtQjsdnsFPa1uaZkK4c++SS6AetzYRpVDLmL p7/1CulE0z3O0sBekpwiuaqLJ9ZccC81g4+2j8j6c50rIAct3hxIxw== -----END RSA PRIVATE KEY----- </key>What looks more secure to you ?? ;)
I do not agree, because after receiving the config you will get access to the system !!!! and users can leave it on a flash drive or somewhere else. of course, they can set a flag to save the password ((((but this is also a big problem ...
And even so, I can’t understand why ssl is safer than ssl + authentication?
If you can tell me more please or url on which article -
@rem1488 said in Can a user change his password to open VPN or change the password even at the first connection?:
after receiving the config you will get access to the system
True.
As soon as you have access to a device, the 'cert' method opens also the remote LAN ....
Let's say I presume that tools like OpenVPN-client are not (never) installed on devices that have shared users.@rem1488 said in Can a user change his password to open VPN or change the password even at the first connection?:
and users can leave it on a flash drive or somewhere else
Yep.
And they have the VPN login and password - just several characters - in their heads, which can be 'copied' also very easy to another head.@Gertjan said in Can a user change his password to open VPN or change the password even at the first connection?:
What looks more secure to you ?? ;)
The important word here is "looks". Which is close to 'mystification' or security by obscurity.
Because using certs or passwords to ID yourself is the same thing.
The latter is easier, after a couple of hundreds of VPN logins ..... as we all do lately.
