Limit allowed users
-
Hi,
I have an OpenVPN dial-up server. It's configured to use the local database as the backend for authentication.
Then I have another server that uses Win AD. This second one is OK. On the first, which will authenticate using the local database, I cannot find a way to enable only a subset of users to be validated and access this server. Is there any way?
Thanks
-
@topogigio
If you have a server in user auth mode with the local database, all local users are allowed to connect.
You can use TLS authentication and assign certificates only to certain users who should be able to connect.
-
@viragomann I performed some tests. It seems that I can solve it with:
- create a new local Certification Auth and assign it to the new OpenVPN Server
- assign to some users a certificate released by this new Auth
It seems that this will allow me to select who can use that OVPN server
-
@topogigio
Yes, with TLS auth, only clients with a certificate signed by the CA which is selected in the server settings are allowed to connect.
You can additionally check "strict user CN matching" to ensure all clients can connect with their own cert.
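
What the dedicated-CA selection and the CN check discussed in this thread amount to, reproduced with the openssl CLI as an added example (not from any poster and not pfSense's own code). The CA names `vpn-local-ca` and `other-ca` and the users `alice` and `bob` are made up.

```shell
#!/bin/sh
# Constructed demo; CA names and usernames are made up for illustration.
set -eu
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

make_ca() {  # $1 = CA name; creates a self-signed CA certificate and key
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
    -keyout "$work/$1.key" -out "$work/$1.crt" 2>/dev/null
}

issue_cert() {  # $1 = issuing CA, $2 = username (becomes the certificate CN)
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$work/$2.key" -out "$work/$2.csr" 2>/dev/null
  openssl x509 -req -in "$work/$2.csr" -days 30 -CA "$work/$1.crt" \
    -CAkey "$work/$1.key" -CAcreateserial -out "$work/$2.crt" 2>/dev/null
}

# TLS-level gate: the client cert must chain to the CA selected on the server.
signed_by() {  # $1 = CA selected on the server, $2 = user whose cert is presented
  openssl verify -CAfile "$work/$1.crt" "$work/$2.crt" >/dev/null 2>&1
}

# CN check: the login name must equal the CN of the presented certificate.
cn_matches() {  # $1 = user whose cert is presented, $2 = login name typed
  cn=$(openssl x509 -in "$work/$1.crt" -noout -subject -nameopt multiline |
       sed -n 's/^ *commonName *= *//p')
  [ "$cn" = "$2" ]
}

make_ca vpn-local-ca      # dedicated CA assigned to the restricted server
make_ca other-ca          # any other CA in the certificate manager
issue_cert vpn-local-ca alice
issue_cert other-ca bob

for u in alice bob; do
  if signed_by vpn-local-ca "$u"; then
    echo "$u: certificate accepted by the restricted server"
  else
    echo "$u: certificate rejected (not signed by vpn-local-ca)"
  fi
done
```

Removing a user's access later means revoking that user's certificate on the dedicated CA and making sure the server checks the resulting CRL.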