Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Can a user change his password to open VPN or change the password even at the first connection?

    Scheduled Pinned Locked Moved OpenVPN
    9 Posts 3 Posters 3.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      rem1488
      last edited by

      Can a user change his password to open VPN or change the password even at the first connection?
      And there’s also a question about password security policy! is there such a setting
      PS Sorry for my English))

      R 1 Reply Last reply Reply Quote 0
      • R
        rem1488 @rem1488
        last edited by rem1488

        I found one pattern when downloading the config from the OpenVPNClient Export Utility firewall:

        1. Archie then you can change the password through the client
        2. When you download the finished installer, then you can’t change the password

        2020-04-09_17-35-38.png
        2020-04-09_17-38-02.png
        2020-04-09_17-40-43.png

        GertjanG 1 Reply Last reply Reply Quote 0
        • R
          rem1488
          last edited by

          maybe someone knows what this is connected with?

          1 Reply Last reply Reply Quote 0
          • GertjanG
            Gertjan @rem1488
            last edited by Gertjan

            @rem1488 said in Can a user change his password to open VPN or change the password even at the first connection?:

            then you can’t change the password

            It's probably the user and password cached locally, so that every time the OpenVPN client rebuilds the connection, the user isn't asked for credentials (again).
            "Change Password" will not change anything on the OpenVPN server side.

            Btw : Go for

            d333c25c-6343-46bb-9dc6-4c8de14c6291-image.png

            and live becomes a bit easier.

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            1 Reply Last reply Reply Quote 0
            • R
              rem1488
              last edited by rem1488

              @Gertjan said in Can a user change his password to open VPN or change the password even at the first connection?:

              But this is not secure without authentication. Or am I misunderstood something?

              1 Reply Last reply Reply Quote 0
              • GertjanG
                Gertjan
                last edited by

                You have a choice :
                Give the user a login and password.

                Or this :

                <cert>
                -----BEGIN CERTIFICATE-----
                MIIDTjCCAregAwIBAgIDKzZvMA0GCSqGSIb3DQEBCwUAMIGFMQswCQYDVQQGEwJV
                UzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMGA1UEChMM
                Rm9ydC1GdW5zdG9uMRgwFgYDVQQDEw9Gb3J0LUZ1bnN0b24gQ0ExITAfBgkqhkiG
                9w0BCQEWEm1lQG15aG9zdC5teWRvbWFpbjAgFw0xNjExMDMwMzA2MThaGA8yMDY2
                MTEwMzAzMDYxOFowgYoxCzAJBgNVBAYTAlZHMQwwCgYDVQQIDANCVkkxEzARBgNV
                BAoMCkV4cHJlc3NWUE4xEzARBgNVBAsMCkV4cHJlc3NWUE4xHDAaBgNVBAMME2V4
                ....
                MB0GA1UdDgQWBBSkBM1TCX9kBgFsv2RmOzudMXa9njANBgkqhkiG9w0BAQsFAAOB
                gQA+2e4b+33zFmA+1ZQ46kWkfiB+fEeDyMwMLeYYyDS2d8mZhNZKdOw7dy4Ifz9V
                qzp4aKuQ6j61c6k1UaQQL0tskqWVzslSFvs9NZyUAJLLdGUc5TT2MiLwiXQwd4Uv
                H6bGeePdhvB4+ZbW7VMD7TE8hZhjhAL4F6yAP1EQvg3LDA==
                -----END CERTIFICATE-----
                </cert>
                <key>
                -----BEGIN RSA PRIVATE KEY-----
                MIIEpAIBAAKCAQEAqzmLfyjotrjAxnr96V4PI9UjuCf+BFVgxe7yXCq9o62Zag/8
                7gBcdltWFr8Lpjzujyh+D1PettWjXYrpmlJL/0aZQn85558aqG4SbkxNqAPq0tWz
                qvvToR8BfY4DVzVZPl1+HdLaEk+bhhOmdznZjwbq/KOQJQn+/Dw0gMKRTsOR64C6
                .....
                zz7h++3D5C/v4b5UumTFcyg+3RGVclPKZcfOgDSGzzeSd/hTW46iUTOgeOUQzQVM
                kzPRXdoyYgVRQtgSpY5xR3O1vjAbahwx8LZ0SvQPMBhYSDbV/Isr+fBacWjl/Aip
                EEwxeQKBgQDdrAEnVlOFoCLw4sUjsPoxkLjhTAgI7CYk5NNxX67Rnj0tp+Y49+sG
                Uhl5sCGfMKkLShiON5P2oxZa+B0aPtQjsdnsFPa1uaZkK4c++SS6AetzYRpVDLmL
                p7/1CulE0z3O0sBekpwiuaqLJ9ZccC81g4+2j8j6c50rIAct3hxIxw==
                -----END RSA PRIVATE KEY-----
                </key>
                

                What looks more secure to you ?? ;)

                No "help me" PM's please. Use the forum, the community will thank you.
                Edit : and where are the logs ??

                R 1 Reply Last reply Reply Quote 0
                • noplanN
                  noplan
                  last edited by

                  ohooo man i love it
                  when live gets easier ...
                  ;) @Gertjan

                  1 Reply Last reply Reply Quote 0
                  • R
                    rem1488 @Gertjan
                    last edited by

                    @Gertjan said in Can a user change his password to open VPN or change the password even at the first connection?:

                    You have a choice :
                    Give the user a login and password.

                    Or this :

                    <cert>
                    -----BEGIN CERTIFICATE-----
                    MIIDTjCCAregAwIBAgIDKzZvMA0GCSqGSIb3DQEBCwUAMIGFMQswCQYDVQQGEwJV
                    UzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMGA1UEChMM
                    Rm9ydC1GdW5zdG9uMRgwFgYDVQQDEw9Gb3J0LUZ1bnN0b24gQ0ExITAfBgkqhkiG
                    9w0BCQEWEm1lQG15aG9zdC5teWRvbWFpbjAgFw0xNjExMDMwMzA2MThaGA8yMDY2
                    MTEwMzAzMDYxOFowgYoxCzAJBgNVBAYTAlZHMQwwCgYDVQQIDANCVkkxEzARBgNV
                    BAoMCkV4cHJlc3NWUE4xEzARBgNVBAsMCkV4cHJlc3NWUE4xHDAaBgNVBAMME2V4
                    ....
                    MB0GA1UdDgQWBBSkBM1TCX9kBgFsv2RmOzudMXa9njANBgkqhkiG9w0BAQsFAAOB
                    gQA+2e4b+33zFmA+1ZQ46kWkfiB+fEeDyMwMLeYYyDS2d8mZhNZKdOw7dy4Ifz9V
                    qzp4aKuQ6j61c6k1UaQQL0tskqWVzslSFvs9NZyUAJLLdGUc5TT2MiLwiXQwd4Uv
                    H6bGeePdhvB4+ZbW7VMD7TE8hZhjhAL4F6yAP1EQvg3LDA==
                    -----END CERTIFICATE-----
                    </cert>
                    <key>
                    -----BEGIN RSA PRIVATE KEY-----
                    MIIEpAIBAAKCAQEAqzmLfyjotrjAxnr96V4PI9UjuCf+BFVgxe7yXCq9o62Zag/8
                    7gBcdltWFr8Lpjzujyh+D1PettWjXYrpmlJL/0aZQn85558aqG4SbkxNqAPq0tWz
                    qvvToR8BfY4DVzVZPl1+HdLaEk+bhhOmdznZjwbq/KOQJQn+/Dw0gMKRTsOR64C6
                    .....
                    zz7h++3D5C/v4b5UumTFcyg+3RGVclPKZcfOgDSGzzeSd/hTW46iUTOgeOUQzQVM
                    kzPRXdoyYgVRQtgSpY5xR3O1vjAbahwx8LZ0SvQPMBhYSDbV/Isr+fBacWjl/Aip
                    EEwxeQKBgQDdrAEnVlOFoCLw4sUjsPoxkLjhTAgI7CYk5NNxX67Rnj0tp+Y49+sG
                    Uhl5sCGfMKkLShiON5P2oxZa+B0aPtQjsdnsFPa1uaZkK4c++SS6AetzYRpVDLmL
                    p7/1CulE0z3O0sBekpwiuaqLJ9ZccC81g4+2j8j6c50rIAct3hxIxw==
                    -----END RSA PRIVATE KEY-----
                    </key>
                    

                    What looks more secure to you ?? ;)

                    I do not agree, because after receiving the config you will get access to the system !!!! and users can leave it on a flash drive or somewhere else. of course, they can set a flag to save the password ((((but this is also a big problem ...
                    And even so, I can’t understand why ssl is safer than ssl + authentication?
                    If you can tell me more please or url on which article

                    GertjanG 1 Reply Last reply Reply Quote 0
                    • GertjanG
                      Gertjan @rem1488
                      last edited by

                      @rem1488 said in Can a user change his password to open VPN or change the password even at the first connection?:

                      after receiving the config you will get access to the system

                      True.
                      As soon as you have access to a device, the 'cert' method opens also the remote LAN ....
                      Let's say I presume that tools like OpenVPN-client are not (never) installed on devices that have shared users.

                      @rem1488 said in Can a user change his password to open VPN or change the password even at the first connection?:

                      and users can leave it on a flash drive or somewhere else

                      Yep.
                      And they have the VPN login and password - just several characters - in their heads, which can be 'copied' also very easy to another head.

                      @Gertjan said in Can a user change his password to open VPN or change the password even at the first connection?:

                      What looks more secure to you ?? ;)

                      The important word here is "looks". Which is close to 'mystification' or security by obscurity.
                      Because using certs or passwords to ID yourself is the same thing.
                      The latter is easier, after a couple of hundreds of VPN logins ..... as we all do lately.

                      No "help me" PM's please. Use the forum, the community will thank you.
                      Edit : and where are the logs ??

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.