OpenVPN road warrior
jaime10 last edited by
I have implemented a road warrior config against my pfSense installation succesfully. I am nor a security expert but if someone is able to copy the config folder of my openVPN client, this person will be able to have access to my LAN. Am I wrong or there is some way to avoid it?
heper last edited by
didn't you have a password setup with the certificate ?
Nachtfalke last edited by
There are three possibilities for an OpenVPN client to connect to your OpenVPN server:
Just an username and password combination (User Auth)
Just a OpenVPN client certificate
A combination of client certificate and username/password
So if you just have a client certificate and someone else got this certificate he is able to connect to your VPN. If you know that someone lost his certificate or someone has stolen a certificate you can put this certificate on a so called "Certificate Revocation List" which means that connections with this cert will be blocked.
So best thing would be that you think about a username/password and certificate combination.
A more secure possibility would be a certificate + username and one-time-password combination. This can be done in less steps with the freeradius2 package in combination with your OpenVPN Server.