Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Can a user change his password to open VPN or change the password even at the first connection?

    OpenVPN
    3
    9
    202
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      rem1488 last edited by

      Can a user change his password to open VPN or change the password even at the first connection?
      And there’s also a question about password security policy! is there such a setting
      PS Sorry for my English))

      R 1 Reply Last reply Reply Quote 0
      • R
        rem1488 @rem1488 last edited by rem1488

        I found one pattern when downloading the config from the OpenVPNClient Export Utility firewall:

        1. Archie then you can change the password through the client
        2. When you download the finished installer, then you can’t change the password

        2020-04-09_17-35-38.png
        2020-04-09_17-38-02.png
        2020-04-09_17-40-43.png

        Gertjan 1 Reply Last reply Reply Quote 0
        • R
          rem1488 last edited by

          maybe someone knows what this is connected with?

          1 Reply Last reply Reply Quote 0
          • Gertjan
            Gertjan @rem1488 last edited by Gertjan

            @rem1488 said in Can a user change his password to open VPN or change the password even at the first connection?:

            then you can’t change the password

            It's probably the user and password cached locally, so that every time the OpenVPN client rebuilds the connection, the user isn't asked for credentials (again).
            "Change Password" will not change anything on the OpenVPN server side.

            Btw : Go for

            d333c25c-6343-46bb-9dc6-4c8de14c6291-image.png

            and live becomes a bit easier.

            1 Reply Last reply Reply Quote 0
            • R
              rem1488 last edited by rem1488

              @Gertjan said in Can a user change his password to open VPN or change the password even at the first connection?:

              But this is not secure without authentication. Or am I misunderstood something?

              1 Reply Last reply Reply Quote 0
              • Gertjan
                Gertjan last edited by

                You have a choice :
                Give the user a login and password.

                Or this :

                <cert>
                -----BEGIN CERTIFICATE-----
                MIIDTjCCAregAwIBAgIDKzZvMA0GCSqGSIb3DQEBCwUAMIGFMQswCQYDVQQGEwJV
                UzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMGA1UEChMM
                Rm9ydC1GdW5zdG9uMRgwFgYDVQQDEw9Gb3J0LUZ1bnN0b24gQ0ExITAfBgkqhkiG
                9w0BCQEWEm1lQG15aG9zdC5teWRvbWFpbjAgFw0xNjExMDMwMzA2MThaGA8yMDY2
                MTEwMzAzMDYxOFowgYoxCzAJBgNVBAYTAlZHMQwwCgYDVQQIDANCVkkxEzARBgNV
                BAoMCkV4cHJlc3NWUE4xEzARBgNVBAsMCkV4cHJlc3NWUE4xHDAaBgNVBAMME2V4
                ....
                MB0GA1UdDgQWBBSkBM1TCX9kBgFsv2RmOzudMXa9njANBgkqhkiG9w0BAQsFAAOB
                gQA+2e4b+33zFmA+1ZQ46kWkfiB+fEeDyMwMLeYYyDS2d8mZhNZKdOw7dy4Ifz9V
                qzp4aKuQ6j61c6k1UaQQL0tskqWVzslSFvs9NZyUAJLLdGUc5TT2MiLwiXQwd4Uv
                H6bGeePdhvB4+ZbW7VMD7TE8hZhjhAL4F6yAP1EQvg3LDA==
                -----END CERTIFICATE-----
                </cert>
                <key>
                -----BEGIN RSA PRIVATE KEY-----
                MIIEpAIBAAKCAQEAqzmLfyjotrjAxnr96V4PI9UjuCf+BFVgxe7yXCq9o62Zag/8
                7gBcdltWFr8Lpjzujyh+D1PettWjXYrpmlJL/0aZQn85558aqG4SbkxNqAPq0tWz
                qvvToR8BfY4DVzVZPl1+HdLaEk+bhhOmdznZjwbq/KOQJQn+/Dw0gMKRTsOR64C6
                .....
                zz7h++3D5C/v4b5UumTFcyg+3RGVclPKZcfOgDSGzzeSd/hTW46iUTOgeOUQzQVM
                kzPRXdoyYgVRQtgSpY5xR3O1vjAbahwx8LZ0SvQPMBhYSDbV/Isr+fBacWjl/Aip
                EEwxeQKBgQDdrAEnVlOFoCLw4sUjsPoxkLjhTAgI7CYk5NNxX67Rnj0tp+Y49+sG
                Uhl5sCGfMKkLShiON5P2oxZa+B0aPtQjsdnsFPa1uaZkK4c++SS6AetzYRpVDLmL
                p7/1CulE0z3O0sBekpwiuaqLJ9ZccC81g4+2j8j6c50rIAct3hxIxw==
                -----END RSA PRIVATE KEY-----
                </key>
                

                What looks more secure to you ?? ;)

                R 1 Reply Last reply Reply Quote 0
                • noplan
                  noplan last edited by

                  ohooo man i love it
                  when live gets easier ...
                  ;) @Gertjan

                  1 Reply Last reply Reply Quote 0
                  • R
                    rem1488 @Gertjan last edited by

                    @Gertjan said in Can a user change his password to open VPN or change the password even at the first connection?:

                    You have a choice :
                    Give the user a login and password.

                    Or this :

                    <cert>
                    -----BEGIN CERTIFICATE-----
                    MIIDTjCCAregAwIBAgIDKzZvMA0GCSqGSIb3DQEBCwUAMIGFMQswCQYDVQQGEwJV
                    UzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMGA1UEChMM
                    Rm9ydC1GdW5zdG9uMRgwFgYDVQQDEw9Gb3J0LUZ1bnN0b24gQ0ExITAfBgkqhkiG
                    9w0BCQEWEm1lQG15aG9zdC5teWRvbWFpbjAgFw0xNjExMDMwMzA2MThaGA8yMDY2
                    MTEwMzAzMDYxOFowgYoxCzAJBgNVBAYTAlZHMQwwCgYDVQQIDANCVkkxEzARBgNV
                    BAoMCkV4cHJlc3NWUE4xEzARBgNVBAsMCkV4cHJlc3NWUE4xHDAaBgNVBAMME2V4
                    ....
                    MB0GA1UdDgQWBBSkBM1TCX9kBgFsv2RmOzudMXa9njANBgkqhkiG9w0BAQsFAAOB
                    gQA+2e4b+33zFmA+1ZQ46kWkfiB+fEeDyMwMLeYYyDS2d8mZhNZKdOw7dy4Ifz9V
                    qzp4aKuQ6j61c6k1UaQQL0tskqWVzslSFvs9NZyUAJLLdGUc5TT2MiLwiXQwd4Uv
                    H6bGeePdhvB4+ZbW7VMD7TE8hZhjhAL4F6yAP1EQvg3LDA==
                    -----END CERTIFICATE-----
                    </cert>
                    <key>
                    -----BEGIN RSA PRIVATE KEY-----
                    MIIEpAIBAAKCAQEAqzmLfyjotrjAxnr96V4PI9UjuCf+BFVgxe7yXCq9o62Zag/8
                    7gBcdltWFr8Lpjzujyh+D1PettWjXYrpmlJL/0aZQn85558aqG4SbkxNqAPq0tWz
                    qvvToR8BfY4DVzVZPl1+HdLaEk+bhhOmdznZjwbq/KOQJQn+/Dw0gMKRTsOR64C6
                    .....
                    zz7h++3D5C/v4b5UumTFcyg+3RGVclPKZcfOgDSGzzeSd/hTW46iUTOgeOUQzQVM
                    kzPRXdoyYgVRQtgSpY5xR3O1vjAbahwx8LZ0SvQPMBhYSDbV/Isr+fBacWjl/Aip
                    EEwxeQKBgQDdrAEnVlOFoCLw4sUjsPoxkLjhTAgI7CYk5NNxX67Rnj0tp+Y49+sG
                    Uhl5sCGfMKkLShiON5P2oxZa+B0aPtQjsdnsFPa1uaZkK4c++SS6AetzYRpVDLmL
                    p7/1CulE0z3O0sBekpwiuaqLJ9ZccC81g4+2j8j6c50rIAct3hxIxw==
                    -----END RSA PRIVATE KEY-----
                    </key>
                    

                    What looks more secure to you ?? ;)

                    I do not agree, because after receiving the config you will get access to the system !!!! and users can leave it on a flash drive or somewhere else. of course, they can set a flag to save the password ((((but this is also a big problem ...
                    And even so, I can’t understand why ssl is safer than ssl + authentication?
                    If you can tell me more please or url on which article

                    Gertjan 1 Reply Last reply Reply Quote 0
                    • Gertjan
                      Gertjan @rem1488 last edited by

                      @rem1488 said in Can a user change his password to open VPN or change the password even at the first connection?:

                      after receiving the config you will get access to the system

                      True.
                      As soon as you have access to a device, the 'cert' method opens also the remote LAN ....
                      Let's say I presume that tools like OpenVPN-client are not (never) installed on devices that have shared users.

                      @rem1488 said in Can a user change his password to open VPN or change the password even at the first connection?:

                      and users can leave it on a flash drive or somewhere else

                      Yep.
                      And they have the VPN login and password - just several characters - in their heads, which can be 'copied' also very easy to another head.

                      @Gertjan said in Can a user change his password to open VPN or change the password even at the first connection?:

                      What looks more secure to you ?? ;)

                      The important word here is "looks". Which is close to 'mystification' or security by obscurity.
                      Because using certs or passwords to ID yourself is the same thing.
                      The latter is easier, after a couple of hundreds of VPN logins ..... as we all do lately.

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post

                      Products

                      • Platform Overview
                      • TNSR
                      • pfSense
                      • Appliances

                      Services

                      • Training
                      • Professional Services

                      Support

                      • Subscription Plans
                      • Contact Support
                      • Product Lifecycle
                      • Documentation

                      News

                      • Media Coverage
                      • Press
                      • Events

                      Resources

                      • Blog
                      • FAQ
                      • Find a Partner
                      • Resource Library
                      • Security Information

                      Company

                      • About Us
                      • Careers
                      • Partners
                      • Contact Us
                      • Legal
                      Our Mission

                      We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                      Subscribe to our Newsletter

                      Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                      © 2021 Rubicon Communications, LLC | Privacy Policy