Simple question I would think
Is there anything stopping a person from copying the contents of the config folder and using that to connect via any other system they can load the OpenVPN client onto? Is there a way to lock the config to a single computer?
On a second note: I followed the guide to set up the OpenVPN server by creating all the keys for the server and client from a Windows workstation. What would I need to do if I wanted to create more clients but that system crashed or was stolen? Would I need to recreate everything and set up the server certificates again on the new computer?
GruensFroeschli last edited by
Someone can copy the certificates and keys and use the client from another computer.
But not both computers at the same time.
Only one client with a specific certificate can connect to the server.
(unless you configure it so that it's possible to connect from multiple clients with the same key/certificate…)
If one client gets compromised: There is the "Certificate Revocation List".
With this list you can void a client.
Take a look at the man pages on http://openVPN.net on how to do that.
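How a revocation list voids one client certificate, shown with plain `openssl` as an added example that is not part of the original thread: it builds a throwaway CA, issues a certificate, and checks it against the CRL before and after revocation. The CA layout, the `crl_demo` function and the name `client1` are constructed for the demo; on the OpenVPN server the resulting `crl.pem` is what the `crl-verify` directive points at.

```shell
# Constructed demo: throwaway CA in a temp dir; "client1" is a hypothetical client name.
crl_demo() {
  d=$(mktemp -d) || return 1
  (
    cd "$d" || exit 1
    exec 2>/dev/null                       # silence openssl progress output
    mkdir newcerts; : > index.txt; echo 01 > serial; echo 01 > crlnumber
    cat > ca.cnf <<'EOF'
[ ca ]
default_ca = demo
[ demo ]
dir = .
database = $dir/index.txt
new_certs_dir = $dir/newcerts
serial = $dir/serial
crlnumber = $dir/crlnumber
certificate = $dir/ca.crt
private_key = $dir/ca.key
default_md = sha256
default_days = 30
default_crl_days = 30
policy = pol
[ pol ]
commonName = supplied
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
    # CA certificate, then a client key and certificate signed by that CA
    openssl req -config ca.cnf -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt -subj "/CN=Demo CA" -days 30
    openssl req -config ca.cnf -newkey rsa:2048 -nodes -keyout client1.key -out client1.csr -subj "/CN=client1"
    openssl ca -batch -config ca.cnf -in client1.csr -out client1.crt
    check() { openssl verify -crl_check -CAfile ca.crt -CRLfile crl.pem client1.crt >/dev/null && echo ok || echo rejected; }
    openssl ca -config ca.cnf -gencrl -out crl.pem    # empty CRL: client1 still valid
    before=$(check)
    openssl ca -config ca.cnf -revoke client1.crt     # mark client1 revoked in index.txt
    openssl ca -config ca.cnf -gencrl -out crl.pem    # CRL must be regenerated and redeployed
    after=$(check)
    echo "$before $after"
  )
  rm -rf "$d"
}
crl_demo
```

The copied key and certificate stay usable until the regenerated CRL is in place on the server, so revocation only takes effect once the new `crl.pem` is deployed.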
Thanks, I suspected there was no way to restrict connections from only company laptops, but wanted to check.
I should have worded the second part of my question a little better. So I will try it again. (let me preface this with I have searched for the answer here, but did not find a definitive explanation)
What steps are required to back up my CA if they are generated from a Windows workstation, using the easy-rsa feature of the OpenVPN client? (I have backed up the key directory.) Is that all I need to do?
Copy the files to a safe place. You could copy them carefully into something like KeePass from http://keepass.info where the keys can be stored encrypted.