  1. #1

    Openvpn howto question

    I'm going through the openvpn howto, section "Configuring client-specific rules and access policies", HOWTO.

    I understand how the network is segregated, different subnets for employees, sys admins and contractors.

    I don't understand how openvpn identifies a user as either an employee, sys admin or contractor.

    Is that what the next section, "Using alternative authentication methods" deals with? Does it involve using the openvpn-auth-pam plugin?

    I don't see where else openvpn could recognize a user, other than if the client built it into their certificate.

    For example, is this how it works:

    You log in with user sysadmin1 / some password via the openvpn-auth-pam plugin, openvpn recognizes the sysadmin1 user and invokes "ifconfig-push".

  2. #2
    The identification is done through the common name when you create the certificates.
    You can find this information from the sample server configuration file
    # EXAMPLE: Suppose the client
    # having the certificate common name "Thelonious"
    # also has a small subnet behind his connecting
    # machine, such as
    # First, uncomment out these lines:
    ;client-config-dir ccd
    # Then create a file ccd/Thelonious with this line:
    # iroute
    With duplicate-cn on, you can use the same certificates for a group of people, for example, the employees.
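
Added example (not part of either post, and not OpenVPN's own code): a shell sketch of the lookup described in the answer, where the certificate common name selects a file in the client-config-dir and that file carries the ifconfig-push line. The client names contractor1 and alice, the addresses and the function names are constructed for illustration; the fallback to a file named DEFAULT is standard client-config-dir behaviour.

```shell
#!/bin/sh
# Illustration only. All addresses are constructed sample values;
# contractor1 and alice are hypothetical common names.
CCD=$(mktemp -d)    # stands in for the directory named by client-config-dir

# One file per certificate common name. The file name is what ties a
# connecting client to its class; no username is involved.
echo 'ifconfig-push 10.8.1.1 10.8.1.2' > "$CCD/sysadmin1"     # sysadmin range
echo 'ifconfig-push 10.8.2.1 10.8.2.2' > "$CCD/contractor1"   # contractor range

# Mimic the server's lookup order: a file named exactly after the CN,
# else a file named DEFAULT, else no per-client options at all
# (the client then receives an address from the general server pool).
ccd_options_for() {
    cn=$1
    if [ -f "$CCD/$cn" ]; then
        cat "$CCD/$cn"
    elif [ -f "$CCD/DEFAULT" ]; then
        cat "$CCD/DEFAULT"
    else
        echo "pool"
    fi
}

# Map the pushed address back to the class it implies in this sample layout.
class_for() {
    case $(ccd_options_for "$1") in
        'ifconfig-push 10.8.1.'*) echo sysadmin ;;
        'ifconfig-push 10.8.2.'*) echo contractor ;;
        pool)                     echo employee ;;
        *)                        echo unknown ;;
    esac
}

# alice has no ccd file, so she falls through to the pool (employee) case.
for cn in sysadmin1 contractor1 alice; do
    printf '%s -> %s (%s)\n' "$cn" "$(class_for "$cn")" "$(ccd_options_for "$cn")"
done
```

Because the lookup keys only on the common name, every client sharing one certificate under duplicate-cn resolves to the same ccd file, so the policy applies to the group and not to an individual.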
