• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Can a user change his password to open VPN or change the password even at the first connection?

Scheduled Pinned Locked Moved OpenVPN
9 Posts 3 Posters 3.3k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • R
    rem1488
    last edited by Apr 9, 2020, 6:11 AM

    Can a user change his password to open VPN or change the password even at the first connection?
    And there’s also a question about password security policy! is there such a setting
    PS Sorry for my English))

    R 1 Reply Last reply Apr 9, 2020, 11:48 AM Reply Quote 0
    • R
      rem1488 @rem1488
      last edited by rem1488 Apr 9, 2020, 12:03 PM Apr 9, 2020, 11:48 AM

      I found one pattern when downloading the config from the OpenVPNClient Export Utility firewall:

      1. Archie then you can change the password through the client
      2. When you download the finished installer, then you can’t change the password

      2020-04-09_17-35-38.png
      2020-04-09_17-38-02.png
      2020-04-09_17-40-43.png

      G 1 Reply Last reply Apr 9, 2020, 3:19 PM Reply Quote 0
      • R
        rem1488
        last edited by Apr 9, 2020, 11:50 AM

        maybe someone knows what this is connected with?

        1 Reply Last reply Reply Quote 0
        • G
          Gertjan @rem1488
          last edited by Gertjan Apr 9, 2020, 3:19 PM Apr 9, 2020, 3:19 PM

          @rem1488 said in Can a user change his password to open VPN or change the password even at the first connection?:

          then you can’t change the password

          It's probably the user and password cached locally, so that every time the OpenVPN client rebuilds the connection, the user isn't asked for credentials (again).
          "Change Password" will not change anything on the OpenVPN server side.

          Btw : Go for

          d333c25c-6343-46bb-9dc6-4c8de14c6291-image.png

          and live becomes a bit easier.

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

          1 Reply Last reply Reply Quote 0
          • R
            rem1488
            last edited by rem1488 Apr 9, 2020, 4:21 PM Apr 9, 2020, 3:57 PM

            @Gertjan said in Can a user change his password to open VPN or change the password even at the first connection?:

            But this is not secure without authentication. Or am I misunderstood something?

            1 Reply Last reply Reply Quote 0
            • G
              Gertjan
              last edited by Apr 9, 2020, 5:53 PM

              You have a choice :
              Give the user a login and password.

              Or this :

              <cert>
              -----BEGIN CERTIFICATE-----
              MIIDTjCCAregAwIBAgIDKzZvMA0GCSqGSIb3DQEBCwUAMIGFMQswCQYDVQQGEwJV
              UzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMGA1UEChMM
              Rm9ydC1GdW5zdG9uMRgwFgYDVQQDEw9Gb3J0LUZ1bnN0b24gQ0ExITAfBgkqhkiG
              9w0BCQEWEm1lQG15aG9zdC5teWRvbWFpbjAgFw0xNjExMDMwMzA2MThaGA8yMDY2
              MTEwMzAzMDYxOFowgYoxCzAJBgNVBAYTAlZHMQwwCgYDVQQIDANCVkkxEzARBgNV
              BAoMCkV4cHJlc3NWUE4xEzARBgNVBAsMCkV4cHJlc3NWUE4xHDAaBgNVBAMME2V4
              ....
              MB0GA1UdDgQWBBSkBM1TCX9kBgFsv2RmOzudMXa9njANBgkqhkiG9w0BAQsFAAOB
              gQA+2e4b+33zFmA+1ZQ46kWkfiB+fEeDyMwMLeYYyDS2d8mZhNZKdOw7dy4Ifz9V
              qzp4aKuQ6j61c6k1UaQQL0tskqWVzslSFvs9NZyUAJLLdGUc5TT2MiLwiXQwd4Uv
              H6bGeePdhvB4+ZbW7VMD7TE8hZhjhAL4F6yAP1EQvg3LDA==
              -----END CERTIFICATE-----
              </cert>
              <key>
              -----BEGIN RSA PRIVATE KEY-----
              MIIEpAIBAAKCAQEAqzmLfyjotrjAxnr96V4PI9UjuCf+BFVgxe7yXCq9o62Zag/8
              7gBcdltWFr8Lpjzujyh+D1PettWjXYrpmlJL/0aZQn85558aqG4SbkxNqAPq0tWz
              qvvToR8BfY4DVzVZPl1+HdLaEk+bhhOmdznZjwbq/KOQJQn+/Dw0gMKRTsOR64C6
              .....
              zz7h++3D5C/v4b5UumTFcyg+3RGVclPKZcfOgDSGzzeSd/hTW46iUTOgeOUQzQVM
              kzPRXdoyYgVRQtgSpY5xR3O1vjAbahwx8LZ0SvQPMBhYSDbV/Isr+fBacWjl/Aip
              EEwxeQKBgQDdrAEnVlOFoCLw4sUjsPoxkLjhTAgI7CYk5NNxX67Rnj0tp+Y49+sG
              Uhl5sCGfMKkLShiON5P2oxZa+B0aPtQjsdnsFPa1uaZkK4c++SS6AetzYRpVDLmL
              p7/1CulE0z3O0sBekpwiuaqLJ9ZccC81g4+2j8j6c50rIAct3hxIxw==
              -----END RSA PRIVATE KEY-----
              </key>
              

              What looks more secure to you ?? ;)

              No "help me" PM's please. Use the forum, the community will thank you.
              Edit : and where are the logs ??

              R 1 Reply Last reply Apr 10, 2020, 6:27 AM Reply Quote 0
              • N
                noplan
                last edited by Apr 10, 2020, 6:04 AM

                ohooo man i love it
                when live gets easier ...
                ;) @Gertjan

                1 Reply Last reply Reply Quote 0
                • R
                  rem1488 @Gertjan
                  last edited by Apr 10, 2020, 6:27 AM

                  @Gertjan said in Can a user change his password to open VPN or change the password even at the first connection?:

                  You have a choice :
                  Give the user a login and password.

                  Or this :

                  <cert>
                  -----BEGIN CERTIFICATE-----
                  MIIDTjCCAregAwIBAgIDKzZvMA0GCSqGSIb3DQEBCwUAMIGFMQswCQYDVQQGEwJV
                  UzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMGA1UEChMM
                  Rm9ydC1GdW5zdG9uMRgwFgYDVQQDEw9Gb3J0LUZ1bnN0b24gQ0ExITAfBgkqhkiG
                  9w0BCQEWEm1lQG15aG9zdC5teWRvbWFpbjAgFw0xNjExMDMwMzA2MThaGA8yMDY2
                  MTEwMzAzMDYxOFowgYoxCzAJBgNVBAYTAlZHMQwwCgYDVQQIDANCVkkxEzARBgNV
                  BAoMCkV4cHJlc3NWUE4xEzARBgNVBAsMCkV4cHJlc3NWUE4xHDAaBgNVBAMME2V4
                  ....
                  MB0GA1UdDgQWBBSkBM1TCX9kBgFsv2RmOzudMXa9njANBgkqhkiG9w0BAQsFAAOB
                  gQA+2e4b+33zFmA+1ZQ46kWkfiB+fEeDyMwMLeYYyDS2d8mZhNZKdOw7dy4Ifz9V
                  qzp4aKuQ6j61c6k1UaQQL0tskqWVzslSFvs9NZyUAJLLdGUc5TT2MiLwiXQwd4Uv
                  H6bGeePdhvB4+ZbW7VMD7TE8hZhjhAL4F6yAP1EQvg3LDA==
                  -----END CERTIFICATE-----
                  </cert>
                  <key>
                  -----BEGIN RSA PRIVATE KEY-----
                  MIIEpAIBAAKCAQEAqzmLfyjotrjAxnr96V4PI9UjuCf+BFVgxe7yXCq9o62Zag/8
                  7gBcdltWFr8Lpjzujyh+D1PettWjXYrpmlJL/0aZQn85558aqG4SbkxNqAPq0tWz
                  qvvToR8BfY4DVzVZPl1+HdLaEk+bhhOmdznZjwbq/KOQJQn+/Dw0gMKRTsOR64C6
                  .....
                  zz7h++3D5C/v4b5UumTFcyg+3RGVclPKZcfOgDSGzzeSd/hTW46iUTOgeOUQzQVM
                  kzPRXdoyYgVRQtgSpY5xR3O1vjAbahwx8LZ0SvQPMBhYSDbV/Isr+fBacWjl/Aip
                  EEwxeQKBgQDdrAEnVlOFoCLw4sUjsPoxkLjhTAgI7CYk5NNxX67Rnj0tp+Y49+sG
                  Uhl5sCGfMKkLShiON5P2oxZa+B0aPtQjsdnsFPa1uaZkK4c++SS6AetzYRpVDLmL
                  p7/1CulE0z3O0sBekpwiuaqLJ9ZccC81g4+2j8j6c50rIAct3hxIxw==
                  -----END RSA PRIVATE KEY-----
                  </key>
                  

                  What looks more secure to you ?? ;)

                  I do not agree, because after receiving the config you will get access to the system !!!! and users can leave it on a flash drive or somewhere else. of course, they can set a flag to save the password ((((but this is also a big problem ...
                  And even so, I can’t understand why ssl is safer than ssl + authentication?
                  If you can tell me more please or url on which article

                  G 1 Reply Last reply Apr 10, 2020, 6:54 AM Reply Quote 0
                  • G
                    Gertjan @rem1488
                    last edited by Apr 10, 2020, 6:54 AM

                    @rem1488 said in Can a user change his password to open VPN or change the password even at the first connection?:

                    after receiving the config you will get access to the system

                    True.
                    As soon as you have access to a device, the 'cert' method opens also the remote LAN ....
                    Let's say I presume that tools like OpenVPN-client are not (never) installed on devices that have shared users.

                    @rem1488 said in Can a user change his password to open VPN or change the password even at the first connection?:

                    and users can leave it on a flash drive or somewhere else

                    Yep.
                    And they have the VPN login and password - just several characters - in their heads, which can be 'copied' also very easy to another head.

                    @Gertjan said in Can a user change his password to open VPN or change the password even at the first connection?:

                    What looks more secure to you ?? ;)

                    The important word here is "looks". Which is close to 'mystification' or security by obscurity.
                    Because using certs or passwords to ID yourself is the same thing.
                    The latter is easier, after a couple of hundreds of VPN logins ..... as we all do lately.

                    No "help me" PM's please. Use the forum, the community will thank you.
                    Edit : and where are the logs ??

                    1 Reply Last reply Reply Quote 0
                    1 out of 9
                    • First post
                      1/9
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                      This community forum collects and processes your personal information.
                      consent.not_received