Simple question I would think
-
Is there anything stopping a person from copying the contents of the config folder and using that to connect via any other system they can load the OpenVPN client onto? Is there a way to lock the config to a single computer?
On a second note: I followed the guide to set up the OpenVPN server by creating all the keys for the server and client from a Windows workstation… What would I need to do if I wanted to create more clients but that system crashed or was stolen? Would I need to recreate everything and re-setup the server certificates on the new computer?
-
Someone can copy the certificates and keys and use the client from another computer.
But not both computers at the same time.
Only one client with a specific certificate can connect to the server.
(unless you configure it so that it's possible to connect from multiple clients with the same key/certificate…)
If one client gets compromised, there is the "Certificate Revocation List".
With this list you can void a client.
Take a look at the man pages on http://openVPN.net on how to do that.
-
Thanks, I suspected there was no way to restrict connections from only company laptops, but wanted to check.
I should have worded the second part of my question a little better, so I will try it again. (Let me preface this with: I have searched for the answer here, but did not find a definitive explanation.)
What steps are required to back up my CA if they are generated from a Windows workstation, using the easy-rsa feature of the OpenVPN client? (I have backed up the key directory.) Is that all I need to do?
-
Copy the files to a safe place. You could copy them carefully into something like KeePass from http://keepass.info where the keys can be stored encrypted.
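-
Added example, not part of the thread and not code from the OpenVPN project: a small Python check of a server config for the two settings the first reply relies on, `duplicate-cn` (the option that allows several clients to share one certificate) and `crl-verify` (the option that makes the server consult the revocation list). The sample configs and the function names are constructed for illustration.

```python
# Constructed sample server configs (not taken from the thread).
WEAK_CONF = """\
port 1194
ca ca.crt
cert server.crt
key server.key
duplicate-cn          # several machines may share one certificate
;crl-verify crl.pem   # commented out, so the CRL is never consulted
"""

HARDENED_CONF = """\
port 1194
ca ca.crt
cert server.crt
key server.key
;duplicate-cn
crl-verify crl.pem
"""

def active_directives(conf_text):
    """Map each active directive to its arguments, skipping '#' and ';' comments."""
    found = {}
    for raw in conf_text.splitlines():
        tokens = []
        for tok in raw.split():
            if tok[0] in "#;":      # rest of the line is a comment
                break
            tokens.append(tok)
        if tokens:
            # Accept the command-line spelling ("--crl-verify") as well.
            found[tokens[0].lstrip("-")] = tokens[1:]
    return found

def audit(conf_text):
    """Return findings for the two settings discussed in the thread."""
    conf = active_directives(conf_text)
    findings = []
    if "duplicate-cn" in conf:
        findings.append("duplicate-cn: copies of one certificate can be connected at the same time")
    if not conf.get("crl-verify"):
        findings.append("crl-verify missing: a revoked certificate is still accepted")
    return findings

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(text) or "ok")
```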