Results 1 to 2 of 2
I'm going through the openvpn howto, section "Configuring client-specific rules and access policies", HOWTO . I understand how the network is segregated, different subnets for employees, sys admins and contractors. ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 11-17-2008 #1
- Join Date
- Jun 2008
Openvpn howto question
I'm going through the openvpn howto, section "Configuring client-specific rules and access policies", HOWTO.
I understand how the network is segregated, different subnets for employees, sys admins and contractors.
I don't understand how openvpn identifies a user as either an employee, sys admin or contractor.
Is that what the next section, "Using alternative authentication methods" deals with? Does it involve using the openvpn-auth-pam plugin?
I don't see where else openvpn could recognize a user, other than if the client built it into their certificate.
For example, is this how it works:
You login with user sysadmin1 / some password via the openvpn-auth-pam plugin, openvpn recognizes the sysadmin1 user and invokes "ifconfig-push 10.8.1.1 10.8.1.2".
- 11-18-2008 #2
- Join Date
- May 2008
- NYC, moved from KS & MO
The identification is done through the common name when you create the certificates.
You can find this information from the sample server configuration file
# EXAMPLE: Suppose the client
# having the certificate common name "Thelonious"
# also has a small subnet behind his connecting
# machine, such as 192.168.40.128/255.255.255.248.
# First, uncomment out these lines:
;route 192.168.40.128 255.255.255.248
# Then create a file ccd/Thelonious with this line:
# iroute 192.168.40.128 255.255.255.248