Paul M wrote:
> to answer my own question, no, you can't use shared key and have
> multiple clients. OK, so I was being lazy!!!
>
> I generated the keys using the instructions here:
> http://openvpn.net/howto.html#pki
>
> note. I found I had two sets of easy-rsa scripts for making keys,
> /usr/share/openvpn and also in /usr/share/openvpn/2.0, and the ones in
> the former caused an "unsupported certificate purpose" error, I used the
> scripts in the 2.0 directory and it all worked.
>
> I'm still setting up separate openvpn daemons each with their own CA for
> the moment.

This approach seems to work fairly well: each person gets their own CA and multiple client certs, so that if someone leaves I simply kill their server, and I don't need to hack around with the config to ensure each person gets an IP unique to them, as each openvpn server then has its own net block. The easy-rsa scripts make generating all the certs and keys really easy.
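
The layout described in this message (one OpenVPN daemon, CA and net block per person), sketched as an added example that is not part of the original post. The 10.8.0.0/16 pool, the starting port 1194 and the `/etc/openvpn/pki/<user>/` file layout are assumptions chosen for illustration.

```python
import ipaddress

POOL = ipaddress.ip_network("10.8.0.0/16")  # assumed address pool
BASE_PORT = 1194                             # assumed first UDP port


def add_user(plan, user, pool=POOL, base_port=BASE_PORT):
    """Give `user` a dedicated /24 and port without renumbering anyone else."""
    if user in plan:
        return plan[user]
    used_nets = {inst["net"] for inst in plan.values()}
    used_ports = {inst["port"] for inst in plan.values()}
    # First free /24 and first free port; StopIteration means the pool is full.
    net = next(n for n in pool.subnets(new_prefix=24) if n not in used_nets)
    port = next(p for p in range(base_port, base_port + 256)
                if p not in used_ports)
    plan[user] = {"net": net, "port": port}
    return plan[user]


def render_server_conf(user, inst, pki_root="/etc/openvpn/pki"):
    """Render a server config that trusts only this user's own CA."""
    d = f"{pki_root}/{user}"  # hypothetical per-user key directory
    net = inst["net"]
    return "\n".join([
        f"port {inst['port']}",
        "proto udp",
        "dev tun",
        f"ca {d}/ca.crt",        # per-user CA: other users' certs are rejected
        f"cert {d}/server.crt",
        f"key {d}/server.key",
        f"dh {d}/dh.pem",
        f"server {net.network_address} {net.netmask}",
    ]) + "\n"


if __name__ == "__main__":
    plan = {}
    for name in ("alice", "bob"):  # constructed sample users
        add_user(plan, name)
    del plan["alice"]              # user leaves: stop and remove that daemon
    add_user(plan, "carol")        # reuses the freed block; bob is untouched
    for name, inst in plan.items():
        print(f"# {name}.conf")
        print(render_server_conf(name, inst))
```

Stopping a daemon only ends access if that person's CA and server key are also retired and never reused for another instance.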
