On Wed, Jan 12, 2011 at 12:08 PM, Gilles <codecompl...@free.fr> wrote:
> On Tue, 11 Jan 2011 10:02:48 -0500, Mark Deneen <mden...@gmail.com>
> wrote:
>> Using the shared secret will only allow a single point to point
>>connection.  That is, you have to use certificates if you want more
>>than one client.
>
> Thanks for the tip. I was under the impression that the shared key is
> just the equivalent of the hashed password in /etc/shadow. Also, when
> running "openvpn --genkey --secret static.key", I wasn't prompted for
> the hostname or IP address of the client, so I don't understand why
> using a shared key would limit connections only from a specific
> client.
>
> Or do you mean that once a client is connected, no other client can
> connect using the shared key?
>
> Thank you.


From http://www.openvpn.net/index.php/open-source/documentation/howto.html#quick:

Static Key disadvantages

* Limited scalability -- one client, one server
* Lack of perfect forward secrecy -- key compromise results in total
disclosure of previous sessions
* Secret key must exist in plaintext form on each VPN peer
* Secret key must be exchanged using a pre-existing secure channel

I honestly do not know what happens if you attempt to connect another
client.  It's either going to reject that client or disconnect the
active one.

-M
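
[Added example, not part of the original message or of the OpenVPN documentation quoted above.] The "one client, one server" limit shows up in the configuration itself: static-key mode names exactly one local and one remote tunnel endpoint, while certificate (TLS) mode uses the `server` directive to hand out addresses to many clients. The host name vpn.example.com, the 10.8.0.0/24 subnet and the file names are assumptions chosen for illustration.

```conf
# --- Static key, server side (point to point) -------------------------
dev tun
ifconfig 10.8.0.1 10.8.0.2      # local endpoint, the single remote endpoint
secret static.key               # same plaintext key file on both peers

# --- Static key, client side ------------------------------------------
remote vpn.example.com          # assumed server host name
dev tun
ifconfig 10.8.0.2 10.8.0.1      # mirror image of the server line
secret static.key               # must be copied over a secure channel

# --- Certificates (TLS mode), server side (many clients) --------------
port 1194
proto udp
dev tun
ca ca.crt                       # CA certificate that signed every peer
cert server.crt
key server.key                  # private key, stays on the server only
dh dh2048.pem                   # Diffie-Hellman parameters
server 10.8.0.0 255.255.255.0   # address pool handed out to clients
keepalive 10 120

# --- Certificates (TLS mode), one of several clients ------------------
client
dev tun
proto udp
remote vpn.example.com 1194     # assumed server host name
ca ca.crt
cert client1.crt                # each client gets its own certificate
key client1.key                 # and its own private key
remote-cert-tls server          # only accept a peer presenting a server cert
```

In TLS mode each client holds its own key pair, so a single client's certificate can be revoked without re-keying every other peer, which is not possible when all peers share one static.key.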

asterisk-users mailing list