On Wed, 2005-11-09 at 08:35 -0700, Andrew McNabb wrote:
> On Wed, Nov 09, 2005 at 08:23:36AM -0700, Hans Fugal wrote:
> >
> > Provided you're using the server mode (which implies TLS). If you are
> > using e.g. preshared keys then you'd have to run a second daemon on the
> > "server" peer (with its own tun).
> >
>
> Could you explain that a little more? I'm not familiar with this second
> way. Thanks.

TLS is the way to go. First, a few references.
http://mia.ece.uic.edu/~papers/volans/openvpn.html
http://eifit.org/downloads/openvpn-presentation.txt
The gist of it is to create a CA certificate, then create a server cert
(signed by the CA), and finally client certs (also signed) for each
client. Doing so you can support any number of clients with just the one
server config.
Once you go to TLS you can also use per-client settings using the
client-config-dir setting. I use that to push extra IP addresses to
specific clients.
Corey
/* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
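
The CA, server cert and client cert steps described in the message above, together with a client-config-dir entry, as an added example that is not part of the original thread. It assumes the `openssl` command-line tool is installed; the names (`demo-ca`, `vpn-server`, `alice`, `bob`), the 10.8.0.x addresses and the choice of `ifconfig-push` as the per-client setting are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): CA -> server cert -> client certs with
# the openssl CLI, plus a client-config-dir entry. All names are constructed.

make_ca() {  # $1 = output dir
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -subj "/CN=demo-ca" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# issue_cert DIR CN EKU: key + CSR for CN, signed by the CA.
# EKU is serverAuth or clientAuth, so a client cert cannot pose as the server.
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null || return 1
    printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=%s\n' "$3" > "$1/$2.ext"
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 365 -extfile "$1/$2.ext" -out "$1/$2.crt" 2>/dev/null
}

# verify_as DIR CN PURPOSE: true only if the cert chains to the CA and is
# valid for PURPOSE (sslserver or sslclient).
verify_as() {
    openssl verify -CAfile "$1/ca.crt" -purpose "$3" "$1/$2.crt" >/dev/null 2>&1
}

# write_ccd DIR CN LOCAL REMOTE: with "client-config-dir ccd" in the server
# config, OpenVPN applies the file ccd/<CN> to the client whose cert has that CN.
write_ccd() {
    mkdir -p "$1/ccd"
    printf 'ifconfig-push %s %s\n' "$3" "$4" > "$1/ccd/$2"
}

build_pki() {  # $1 = output dir
    make_ca "$1" || return 1
    issue_cert "$1" vpn-server serverAuth || return 1
    for cn in alice bob; do issue_cert "$1" "$cn" clientAuth || return 1; done
    write_ccd "$1" alice 10.8.0.9 10.8.0.10   # only alice gets a fixed address
}

demo_dir=$(mktemp -d)
build_pki "$demo_dir" && verify_as "$demo_dir" vpn-server sslserver \
    && echo "PKI written to $demo_dir"
```

The keys here are written unencrypted to keep the example short; in a real deployment the CA key is the one file that lets anyone mint new clients, so it belongs off the VPN server.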
