Hi
On Wed, Jan 10, 2024 at 07:53:35AM +, Peter Davis wrote:
> True, but I don't want to create a key for each employee in the department.
Abandon that thought. We've been here before: you need unique keys per
user, everything else will just make your life painful and miserable.
gert
--
"If
>On Tuesday, January 9th, 2024 at 4:25 PM, Gert Doering
>wrote:
> Hi,
>
> On Tue, Jan 09, 2024 at 11:33:22AM +, Peter Davis wrote:
>
> > > What do you mean by "revoke the key of one department"? This question does
> > > not make much sense, since there is no per-department key, if you do
>On Tuesday, January 9th, 2024 at 3:27 PM, Antonio Quartulli
>wrote:
> Hi,
>
> On 09/01/2024 12:24, Peter Davis wrote:
>
> > Hi,
> > In the Easy-RSA directory I have the following files and directories:
> > easyrsa openssl-easyrsa.cnf pki ta.key vars x509-types
> >
> > Is it enough to keep t
On 27/12/2023 12:43, Jason Long via Openvpn-users wrote:
[...snipp...]
Server config is:
port 2023
proto udp
dev tun1
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/H_Server.crt
key /etc/openvpn/server/H_Server.key
dh /etc/openvpn/server/dh.pem
server 20.20.0.0 255.255.255.0
20.20.0.0/
Hi,
On Tue, Jan 09, 2024 at 11:33:22AM +, Peter Davis wrote:
> > What do you mean by "revoke the key of one department"? This question does
> > not make much sense, since there is no per-department key, if you do not
> > have per-department servers.
>
> In your company, you have 3 departments.
Hi,
On 09/01/2024 12:24, Peter Davis wrote:
Hi,
In the Easy-RSA directory I have the following files and directories:
easyrsa openssl-easyrsa.cnf pki ta.key vars x509-types
Is it enough to keep the pki directory?
Why not keeping everything?
Cheers,
--
Antonio Quartulli
__
On 09.01.24 12:33, Peter Davis via Openvpn-users wrote:
An employee in the supervision department shares a key with someone
outside the company, and you want to block access to the server
through that key. You must revoke the certificate of the supervision
department. If each department has its o
>On Tuesday, January 9th, 2024 at 2:47 PM, Gert Doering
>wrote:
> Hi,
>
> On Tue, Jan 09, 2024 at 11:14:26AM +, Peter Davis wrote:
>
> > 1- So, by using --auth-user-pass I can prevent excessive access to the
> > server.
>
>
> That depends on your definition of "excessive" and "prevent"
>On Tuesday, January 9th, 2024 at 2:40 PM, Antonio Quartulli
>wrote:
> Hi,
>
> On 09/01/2024 08:18, Peter Davis via Openvpn-users wrote:
>
> > Hi,
> > So if I want to revoke the keys in the future and prevent clients from
> > connecting to the server, then I need the Easy-RSA directory that
Hi,
On Tue, Jan 09, 2024 at 11:14:26AM +, Peter Davis wrote:
> 1- So, by using --auth-user-pass I can prevent excessive access to the server.
That depends on your definition of "excessive" and "prevent", but it
gives you more control on who can login, and when.
> 2- I want each department to
>On Tuesday, January 9th, 2024 at 2:02 PM, Gert Doering
>wrote:
> Hi,
>
> On Tue, Jan 09, 2024 at 10:25:13AM +, Peter Davis wrote:
>
> > 1- Assuming that a user shares his\her username and password with
> > others in addition to the keys, then using --auth-user-pass, can
> > two users wit
Hi,
On 09/01/2024 08:18, Peter Davis via Openvpn-users wrote:
Hi,
So if I want to revoke the keys in the future and prevent clients from
connecting to the server, then I need the Easy-RSA directory that I used to
generate the keys at that time. is it true?
Correct. More specifically, you nee
Hi,
On Tue, Jan 09, 2024 at 10:25:13AM +, Peter Davis wrote:
> 1- Assuming that a user shares his\her username and password with
> others in addition to the keys, then using --auth-user-pass, can
> two users with the same username and password connect to the server
> at the same time?
No, bec
>On Tuesday, January 9th, 2024 at 1:45 PM, Gert Doering
>wrote:
> Hi,
>
> On Tue, Jan 09, 2024 at 10:06:33AM +, Peter Davis wrote:
>
> > I'd like to use something like a MAC address filtering mechanism, but that
> > would require scripting and I don't know how to do that. I want no one t
Hi,
On Tue, Jan 09, 2024 at 10:06:33AM +, Peter Davis wrote:
> I'd like to use something like a MAC address filtering mechanism, but that
> would require scripting and I don't know how to do that. I want no one to be
> able to connect to the OpenVPN server without permission.
If a user has
>On Tuesday, January 9th, 2024 at 11:33 AM, Gert Doering
>wrote:
> Hi,
>
> On Tue, Jan 09, 2024 at 07:20:24AM +, Peter Davis wrote:
>
> > 1- So one of the benefits of using LDAP mechanism is that two users cannot
> > use the OpenOne server at the same time? I mean using openvpn-auth-ldap
Hi,
On Tue, Jan 09, 2024 at 07:20:24AM +, Peter Davis wrote:
> 1- So one of the benefits of using LDAP mechanism is that two users cannot
> use the OpenOne server at the same time? I mean using openvpn-auth-ldap
> package.
I fail to understand this question.
> 2- Regarding the third questi
17 matches
Mail list logo