OpenVPN User Auth + Static key security?



  • I was just curious on the security of the User auth + Static key OpenVPN configuration– or alternatively, whether it is possible to do SSL/TLS  per user certs with LDAP authentication.

    Is there a big security risk to the first?  Are the clients negotiating per-session encryption keys with the server?  How does it compare to Cisco VPN client Group auth + user auth (as that is the security bar I am aiming at)?

    Concerns about the SSL/TLS per user certs are mostly because of the constantly changing user list, the large number of users, and the difficulty of managing such a large number of configs-- plus the difficulty in exporting all those openvpn packages.


Locked