Netgate Discussion Forum

OpenVPN without username/password

OpenVPN
  • S
    setchi
    last edited by Jan 17, 2012, 9:00 PM

    Is it possible to use the user manager just to create/maintain certificates and keys?
    I want my OpenVPN to NOT ask for username and password during connection and just
    authenticate the user by the key and certificate.

    Is there a howto or guide to set up OpenVPN on pfSense 2.0.1 without passwords?

    Thanks,
    Florian

    • J
      jimp Rebel Alliance Developer Netgate
      last edited by Jan 24, 2012, 3:02 PM

      Sure, just set up the OpenVPN server type as "SSL/TLS" (no auth) and then add certificates in the Cert Manager; you can still export client installers that way. They are not tied to usernames, just certificates. You don't need to add users since they do not need usernames and passwords.

      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!

      • N
        nexusN
        last edited by Jun 11, 2012, 5:51 AM

        @jimp:

        Sure, just set up the OpenVPN server type as "SSL/TLS" (no auth) and then add certificates in the Cert Manager; you can still export client installers that way. They are not tied to usernames, just certificates. You don't need to add users since they do not need usernames and passwords.

        I am doing this, SSL/TLS only without User Auth, for a portion of VPN users (anonymously for some forum friends) ... but I do have a worry about the safety of the connection. :(
        The above is used because when someone is going to spread the credentials, it makes no difference if I actually use User Auth or not.
        No User Auth seems to be more convenient for them in connecting. ;D

        Would the connection in this way be less secure than having User Auth? ???

        • J
          jimp Rebel Alliance Developer Netgate
          last edited by Jun 11, 2012, 2:42 PM

          It depends on what you mean by "secure".

          The level of encryption would be the same, with or without user authentication.

          User authentication is an extra layer of prevention to keep out unauthorized access.

          So in terms of access control, not having user auth makes it less secure.
          But in terms of encryption, the security would be equivalent.

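The access-control point in the answer above, shown as an added example (not part of any post in this thread, and not pfSense or OpenVPN project code): a small audit that classifies an OpenVPN server config by authentication mode and, when the certificate is the only credential, lists the missing controls that limit a shared or leaked certificate. The directive names are standard OpenVPN options; the function names, sample configs and `/path/to/...` paths are constructed for illustration, `plugin` is treated as a user-auth indicator by heuristic, and inline `<ca>`-style blocks are assumed not to be used.

```python
import shlex

def parse_directives(text):
    """Map each directive name to the list of argument lists it appears with."""
    directives = {}
    for line in text.splitlines():
        if line.lstrip().startswith(";"):          # OpenVPN also accepts ';' comments
            continue
        tokens = shlex.split(line, comments=True)  # drops '#' comments
        if tokens:
            directives.setdefault(tokens[0], []).append(tokens[1:])
    return directives

def audit(text):
    """Return (authentication mode, findings) for a server config."""
    d = parse_directives(text)
    user_auth = "auth-user-pass-verify" in d or "plugin" in d  # heuristic
    cert_required = not ("client-cert-not-required" in d
                         or ["none"] in d.get("verify-client-cert", []))
    if cert_required and user_auth:
        return "SSL/TLS + User Auth", []
    if user_auth:
        return "User Auth", []
    if not cert_required:
        return "none", ["clients are not authenticated at all"]
    # The certificate is the only credential: check the controls that
    # limit the damage of a shared or leaked certificate.
    findings = []
    if "crl-verify" not in d:
        findings.append("no crl-verify: a shared certificate cannot be revoked")
    if "duplicate-cn" in d:
        findings.append("duplicate-cn: one certificate may connect many times")
    if "tls-auth" not in d and "tls-crypt" not in d:
        findings.append("no tls-auth/tls-crypt: no extra static key on the TLS channel")
    return "SSL/TLS", findings

# Constructed sample configs with placeholder paths (not pfSense output).
CERT_ONLY = """\
dev tun
proto udp
port 1194
tls-server
ca /path/to/ca.crt
cert /path/to/server.crt
key /path/to/server.key   # server private key
dh /path/to/dh.pem
duplicate-cn
"""
HARDENED = CERT_ONLY.replace("duplicate-cn\n", "") + (
    "crl-verify /path/to/crl.pem\ntls-auth /path/to/ta.key 0\n")
USER_AUTH = HARDENED + 'auth-user-pass-verify "/path/to/verify-script" via-env\n'
```
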
          • N
            nexusN
            last edited by Jun 15, 2012, 6:42 AM

            @jimp:

            It depends on what you mean by "secure".

            The level of encryption would be the same, with or without user authentication.

            User authentication is an extra layer of prevention to keep out unauthorized access.

            So in terms of access control, not having user auth makes it less secure.
            But in terms of encryption, the security would be equivalent.

            Sorry for getting back to you late, my question has been well answered :D
            In that way I should keep my current practice of having no user auth :P for the encryption being the same level.

            • J
              jimp Rebel Alliance Developer Netgate
              last edited by Jun 15, 2012, 11:36 AM

              All you need to do is change the mode of the VPN from SSL/TLS+User Auth to simply SSL/TLS - then no auth will be required, but the rest of the settings can stay the same.

              • N
                nexusN
                last edited by Jun 20, 2012, 4:45 AM

                @jimp:

                All you need to do is change the mode of the VPN from SSL/TLS+User Auth to simply SSL/TLS - then no auth will be required, but the rest of the settings can stay the same.

                Yes, I did exactly the same and it works like a charm :D

                • D
                  da_zhuang
                  last edited by Aug 2, 2012, 9:24 PM

                  Dear Jimp:

                  I'm very new to OpenVPN and I'm not sure how to change the mode of the VPN from SSL/TLS+User Auth to simply SSL/TLS. Do I just modify the config file or do I need to reinstall with some other options enabled? Thanks.

                  • M
                    marvosa
                    last edited by Aug 2, 2012, 11:11 PM Aug 2, 2012, 11:09 PM

                    da_zhuang,
                    Edit your OpenVPN server. On the Server tab, in the General information section, use the drop-down menu to change the Server Mode option to Remote Access (SSL/TLS).

                    • H
                      hugolia
                      last edited by Apr 16, 2013, 2:49 PM

                      Is it possible to have User/password for some users but not for all?
                      I am using OpenVPN for RoadWarriors users (mostly notebooks). But now I need to set up a connection to a site where I will have a server with a daemon client to establish the VPN between sites.

                      • M
                        marvosa
                        last edited by Apr 16, 2013, 3:02 PM

                        hugolia,
                        Yes. Just configure a 2nd server on a different port.

                        • J
                          jimp Rebel Alliance Developer Netgate
                          last edited by Apr 16, 2013, 3:03 PM

                          @hugolia:

                          Is it possible to have User/password for some users but not for all?
                          I am using OpenVPN for RoadWarriors users (mostly notebooks). But now I need to set up a connection to a site where I will have a server with a daemon client to establish the VPN between sites.

                          Yes, but they would need to use separate server instances. You can have one server that does user/pass, one that does not, and others for site-to-site VPNs.

                          Any more detail than that belongs in its own thread specific to your implementation, though, so if you need more help than that, feel free to start a fresh thread and ask.

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.