On Wed, 5 May 2021 13:17:58 +0200, Gert Doering <g...@greenie.muc.de> wrote:
>I was more thinking about "if someobody malicous lays their hand on such >an openvpn client config" - then you might want to do extra precautions >on the server to stop them from reaching "anything that is not on the VPN". > >If it's all under your control, then the setup above is good enough. Thanks again Gert! Most valuable comments. The reason I wanted this tunnel to not "get anywhere" is just if someone gets hold of the server side client conf file since it is for the remote server to autoconnect. So it is itself without password. The file itself opens the connection. The client side conf/ovpn files will contain a password protected key instead, so these cannot be stolen without also getting the individual password. I think we are fine with this setup, after I have prototyped it and tested that it actually works like we want. -- Bo Berglund Developer in Sweden _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
