On 01/09/2023 10:50, Jason Long wrote:
On Wed, Aug 30, 2023 at 5:36 PM, Gert Doering
[...snip...]
    I will.

Good! (Since you yet again snip things out of context, I do sincerely hope this is about getting copies of the OpenVPN books).


    In the end, I want to know if it is possible to connect the server
    and the client without any key?

Again, you seem to overlook very important details and think carefully before you ask.

If you remove all keys, there will be no encryption. OpenVPN does not support that (any more). That would remove the P from VPN (P = Private). Instead of a Virtual Private Network, you would just end up with a Virtual Network where no data is protected. If this is what you want, then there are other alternatives (IP-IP tunnels, GRE tunnels, etc).

The OpenVPN SERVER side MUST have a server.key (the private decryption key), server.crt (certificate, providing the identity and a public encryption key for the connecting clients) and the ca.crt (Certificate authority's certificate, used to verify the identity of issued certificates).

The server also needs the dh.pem file, as that is crucial for the Diffie-Hellman algorithm to be able to generate ephemeral session keys - which protects you from replay attacks; this is part of the PFS aspect (Perfect Forward Secrecy).

The CLIENT side MUST have the ca.crt file, to verify the identity of the server. It MAY have client.crt (client identity and public encryption key) and client.key (private decryption key). If there is no client.key/crt configured, the server will not have an identity of the client when it connects -> thus username/password authentication is used so the server side can have an identity of the connecting client.


Before you ask more questions, please do your homework and do some googling and reading first. The terminologies used here are industry standard.


--
kind regards,

David Sommerseth
OpenVPN Inc



_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
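
The file requirements described in the message above, turned into a small config check. This is an added example, not part of the original message and not OpenVPN's own tooling; it looks only at which directives are present (including inline `<ca>` blocks), and the sample configs, file names and host vpn.example.net are constructed.

```python
import re

# Required material per role, as listed in the message above.
REQUIRED = {"server": ("ca", "cert", "key", "dh"), "client": ("ca",)}

def parse_directives(text):
    """Directive names in an OpenVPN config, counting inline <ca>...</ca> blocks."""
    found, inline = set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if inline:  # inside an inline block: skip the PEM body
            if line == f"</{inline}>":
                inline = None
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        m = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if m:
            inline = m.group(1)
            found.add(inline)
        else:
            found.add(line.split()[0])
    return found

def check_config(text, role):
    """Return a list of problems for role 'server' or 'client'."""
    have = parse_directives(text)
    problems = [f"missing '{d}'" for d in REQUIRED[role] if d not in have]
    if role == "client":
        if ("cert" in have) != ("key" in have):
            problems.append("client 'cert' and 'key' must be set together")
        elif "cert" not in have and "auth-user-pass" not in have:
            # No certificate and no password prompt: server gets no client identity.
            problems.append("no client cert/key and no 'auth-user-pass'")
    return problems

# Constructed sample configs (file names and host are placeholders).
SERVER_OK = "port 1194\ndev tun\nca ca.crt\ncert server.crt\nkey server.key\ndh dh.pem\n"
CLIENT_PASSWORD = """client
remote vpn.example.net 1194
<ca>
-----BEGIN CERTIFICATE-----
(placeholder body)
-----END CERTIFICATE-----
</ca>
auth-user-pass
"""
CLIENT_NO_IDENTITY = "client\nremote vpn.example.net 1194\nca ca.crt\n"
```

`check_config(CLIENT_NO_IDENTITY, "client")` reports the case the message warns about: a client with only ca.crt and no way to identify itself to the server.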
