hi, thanks for the answers, I still have one question: in order to "Verify that a given Access Server user only logs in using a known client machine, by using the MAC address of the client machine as a hardware ID."
do I need a license, and Access Server interface? Where can I find post-auth module for building a script to check for the hardware ID.

On 7/23/2019 6:54 PM, Selva Nair wrote:
> Hi,
>
> On Tue, Jul 23, 2019 at 9:50 AM Stefan Szabo via Openvpn-users
> <openvpn-users@lists.sourceforge.net> wrote:
>> hi,
>>
>> is there any possibility to restrict users connecting to openvpn server,
>> permit only those who use devices provided by company? and how can be
>> accomplished this?
>> after check the cert and also LDAP group to perform another check(post-auth)
>> and use something like mac address or anything else to identify the device
>> used if it's provided by company or not.
>>
>> I've found something here, but I'm afraid for this is only available with
>> license subscription only:
>> https://openvpn.net/vpn-server-resources/access-server-post-auth-script-host-checking/
>
> You can use --push-peer-info in the client config to make the client
> send the mac address of its default gateway interface to the server
> (see --push-peer-info in the man page). But, as JJK said, MAC can be
> cloned/faked, so not very reliable.
>
> For Windows clients, upload the client certificate and key (as
> non-exportable) to the Windows certificate store and use the
> --cryptoapicert option. That would be a more reliable way of ensuring
> connections come from devices that you set up.
>
>
> Selva
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
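
The --push-peer-info approach from the quoted reply, as an added example that is not part of the original thread or OpenVPN's own code: a server-side `--client-connect` hook that compares the reported `IV_HWADDR` with an allowlist and fails closed. The allowlist path and function names are hypothetical, and it assumes the server exports the client's `IV_*` peer-info values into the script environment; because the client reports this MAC itself, it works only as a supplementary check.

```shell
#!/bin/sh
# Added example (not from the thread): --client-connect hook that checks the
# MAC a client reports via --push-peer-info against an allowlist.
# Assumption: peer-info IV_* values are exported into this script's environment.

# Hypothetical allowlist path: one MAC per line, '#' starts a comment.
ALLOWLIST="${HWADDR_ALLOWLIST:-/etc/openvpn/server/hwaddr.allow}"

# Print the MAC in lowercase colon-separated form; return 1 if it is malformed.
normalize_mac() {
    m=$(printf '%s' "$1" | tr 'A-F-' 'a-f:')
    printf '%s\n' "$m" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || return 1
    printf '%s\n' "$m"
}

# Return 0 only if MAC $1 appears in allowlist file $2. A missing MAC, a
# malformed MAC or an unreadable allowlist all count as "not allowed".
hwaddr_allowed() {
    mac=$(normalize_mac "$1") || return 1
    [ -r "$2" ] || return 1
    while IFS= read -r line || [ -n "$line" ]; do
        entry=${line%%#*}                                  # strip comment
        entry=$(printf '%s' "$entry" | tr -d ' \t\r')      # strip whitespace
        [ -n "$entry" ] || continue
        entry=$(normalize_mac "$entry") || continue        # skip bad entries
        [ "$entry" = "$mac" ] && return 0
    done < "$2"
    return 1
}

# OpenVPN sets script_type when it runs a hook; a non-zero exit from a
# client-connect script rejects the connecting client.
if [ "${script_type:-}" = "client-connect" ]; then
    if hwaddr_allowed "${IV_HWADDR:-}" "$ALLOWLIST"; then
        exit 0
    fi
    # Log only the certificate common name, not the client-supplied MAC string.
    logger -t openvpn-hwaddr "rejected ${common_name:-unknown}: HWADDR missing or not allowlisted"
    exit 1
fi
```

The server needs `script-security 2` and a `client-connect` line pointing at the script, and each client config needs `push-peer-info`.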