Simple question I would think

  • Is there anything stopping a person from copying the contents of the config folder and using that to connect via any other system they can load the OpenVPN client onto? Is there a way to lock the config to a single computer?

    On a second note: I followed the guide to set up the OpenVPN server by creating all the keys for the server and client from a Windows workstation… What would I need to do if I wanted to create more clients but that system had crashed or was stolen? Would I need to recreate everything and set up the server certificates again on the new computer?

  • Someone can copy the certificates and keys and use the client from another computer.
    But not both computers at the same time.
    Only one client with a specific certificate can connect to the server.
    (unless you configure it so that it's possible to connect from multiple clients with the same key/certificate…)

    If one client gets compromised: there is the "Certificate Revocation List".
    With this list you can void a client.
    Take a look at the man pages on how to do that.
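
The revocation mechanism mentioned in the reply above, as an added example that is not part of the original post: a throwaway CA issues one client certificate, revokes it, and regenerates the CRL, which is the kind of file an OpenVPN server reads through its `crl-verify` option. The CA name, the `laptop1` client and all file names are constructed for the demo, and plain `openssl` is used in place of the easy-rsa scripts.

```shell
#!/bin/sh
# Constructed demo: temporary CA, one client cert, revocation, CRL check.
# "Demo CA", "laptop1" and every file name here are assumptions for illustration.
check() {  # succeeds only if the cert chains to the CA and is not in the CRL
  cat ca.crt crl.pem > ca_and_crl.pem
  openssl verify -crl_check -CAfile ca_and_crl.pem "$1" >/dev/null 2>&1
}

crl_demo() (
  d=$(mktemp -d) && cd "$d" || exit 2
  trap 'cd / && rm -rf "$d"' EXIT
  mkdir newcerts && : > index.txt && echo 01 > serial
  cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = demo
[ demo ]
database = ./index.txt
new_certs_dir = ./newcerts
serial = ./serial
certificate = ./ca.crt
private_key = ./ca.key
default_md = sha256
default_days = 30
default_crl_days = 30
policy = any
[ any ]
commonName = supplied
EOF
  { # build the CA, issue the client certificate, publish an empty CRL
    openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo CA" -keyout ca.key -out ca.crt &&
    openssl req -config ca.cnf -newkey rsa:2048 -nodes -subj "/CN=laptop1" -keyout laptop1.key -out laptop1.csr &&
    openssl ca -batch -config ca.cnf -in laptop1.csr -out laptop1.crt &&
    openssl ca -config ca.cnf -gencrl -out crl.pem
  } >/dev/null 2>&1 || exit 2
  check laptop1.crt && before=accepted || before=rejected
  { # revoke the client certificate and publish the updated CRL
    openssl ca -config ca.cnf -revoke laptop1.crt &&
    openssl ca -config ca.cnf -gencrl -out crl.pem
  } >/dev/null 2>&1 || exit 2
  check laptop1.crt && after=accepted || after=rejected
  echo "before_revoke=$before after_revoke=$after"
)

crl_demo
```

Both the revocation and the CRL regeneration need `ca.key` and `index.txt`, so those are the files a CA backup has to preserve.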

  • Thanks, I suspected there was no way to restrict connections from only company laptops, but wanted to check.

    I should have worded the second part of my question a little better. So I will try it again. (let me preface this with I have searched for the answer here, but did not find a definitive explanation)

    What steps are required to back up my CA if they are generated from a Windows workstation, using the easy-rsa feature of the OpenVPN client? (I have backed up the key directory.) Is that all I need to do?

  • Copy the files to a safe place. You could copy them carefully into something like KeePass, where the keys can be stored encrypted.
