OpenVPN User Auth + Static key security?
-
I was just curious on the security of the User auth + Static key OpenVPN configuration– or alternatively, whether it is possible to do SSL/TLS per user certs with LDAP authentication.
Is there a big security risk to the first? Are the clients negotiating per-session encryption keys with the server? How does it compare to Cisco VPN client Group auth + user auth (as that is the security bar I am aiming at)?
Concerns about the SSL/TLS per user certs are mostly because of the constantly changing user list, the large number of users, and the difficulty of managing such a large number of configs-- plus the difficulty in exporting all those openvpn packages.