Hi,

On Wed, Aug 23, 2023 at 11:20:01AM +0000, Jason Long wrote:
> As I understand, if the file name is not equal to the CN name in the 
> client.crt file, then the client can't connect to the OpenVPN server.

Please stop mixing topics all the time.  Either ask about "iroute" and
"route" statements, or about "ccd-exclusive" - these are wholly independent 
questions.

> Excuse me, is the ccd-exclusive statement best way to filter the clients? For 
> example, I only want to allow clients to connect to the server whose CN name 
> is Trusted. 

A client that has no certificate cannot log in.  So if you never issued
a certificate to anyone but "Trusted", nobody else can log in, without
further config.

What happens if you have certificates rolled out to "Trusted", "Bob" and
"Alice" depends on what you actually want to achieve - you can control
this with ccd-exclusive, or with a client-connect script that only permits
certain users.

But first try to understand the basics - certificates, routes, IP addresses -
before going to more complex topics.

gert

-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             g...@greenie.muc.de
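
The client-connect approach mentioned in the message above, as an added example (not part of the original message and not OpenVPN project code): a script that admits only CNs listed in an allowlist file. The file paths and the script name are assumptions; `common_name` and `script_type` are environment variables OpenVPN sets for its scripts, and a non-zero exit status rejects the client.

```shell
#!/bin/sh
# Added example: CN allowlist enforced from an OpenVPN client-connect script.
# Server config (paths are assumptions):
#   script-security 2
#   client-connect /etc/openvpn/server/allow-cn.sh
# Allowlist format: one CN per line; blank lines and '#' comments are ignored.

ALLOWLIST="${ALLOWLIST:-/etc/openvpn/server/allowed-cns.txt}"  # hypothetical path

# cn_allowed CN FILE -> returns 0 only if CN equals one line of FILE exactly.
cn_allowed() {
    cn=$1
    file=$2
    [ -n "$cn" ] || return 1      # empty CN: reject
    [ -r "$file" ] || return 1    # list missing or unreadable: fail closed
    # "|| [ -n "$line" ]" keeps a final line that lacks a trailing newline.
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;  # skip blanks and comments
        esac
        # Exact, case-sensitive comparison: "Trust" must not match "Trusted".
        if [ "$line" = "$cn" ]; then
            return 0
        fi
    done < "$file"
    return 1
}

# Only act when OpenVPN invokes this file as the client-connect hook.
if [ "${script_type:-}" = "client-connect" ]; then
    cn_allowed "${common_name:-}" "$ALLOWLIST" || exit 1   # reject client
    exit 0                                                 # admit client
fi
```

With `ccd-exclusive`, the equivalent control is a file named after each permitted CN inside the `client-config-dir` directory; clients whose CN has no such file are refused.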


_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
