LizaMoly
asked on
OpenVPN authentication using "user and password" or certificate
I need to authenticate some users on an OpenVPN server using "user and password" + certificate authentication, while some other users should be authenticated using certificates only, because they can't enter user names and passwords.
What is the solution for that, while keeping authentication using passwords available for some users?
How can I add the user and password inside the OpenVPN client configuration file, not in an external file?
You will probably need 2 VPN locations, one for each configuration.
One way is to use different OpenVPN servers, e.g. with different ports.
You can do it with an authentication script running on the server side, checking the certificate and deciding whether to use auth-user-pass, but that is more complex (never done myself).
ASKER
How can I connect two OpenVPN servers with each other?
Why would you like or need to do that?
ASKER
I have some clients that cannot enter a user and password ("IP phones"); they support OpenVPN but do not support external files containing the username and password. They only accept certificate authentication. So what is the solution to keep handling some users who must be authenticated with user and password?
Is there any way to include the username and password inside the configuration file?
I'm now thinking of dedicating one server to authentication using certificates only, while the other server authenticates using username and password + certificates.
This is my situation. Any help?
Reread http:#a40597092, that describes both options. You do not need to "connect two OpenVPN servers with each other"; they are independent.
ASKER
Please, Qlemo, correct the link; it refers to this question.
Exactly - this is intentional, hence the reread.
Probably two servers (OpenVPN processes) on the same machine, but using different ports, is the best option for you.
ASKER
How can I do that? How do I run two OpenVPN processes?
Like this:
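rem Run from the OpenVPN install folder so the relative config paths resolve
pushd "c:\Program Files\OpenVPN"
path %PATH%;C:\Program Files\OpenVPN\bin;
rem One minimized window per server process, each with its own config file
start /min "OVPN Cert only" openvpn --config config\server-certonly.ovpn
start /min "OVPN auth" openvpn --config config\server-userpass.ovpn
popd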
Each OVPN file contains the appropriate configuration commands. You might even use two different folders for OpenVPN, to keep everything separated from each other, including CA certs. Keeping the certs different prevents users from deciding they do not need to authenticate, if they gain knowledge of how to do that.
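The two-process layout described above, sketched for a Linux host as an added example that is not part of the thread: it writes one config per server process and checks that the two instances share neither a port nor a CA, and that the password instance really demands both a certificate and a password. File paths, ports, subnets and the PAM plugin location are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Paths, ports, subnets and the PAM
# plugin location are assumptions; adjust them to the local install.

# write_configs DIR: create one config per OpenVPN server process.
write_configs() {
    dir=$1
    mkdir -p "$dir" || return 1
    # Instance 1: certificate only (e.g. IP phones). Own CA, own port.
    cat > "$dir/server-certonly.conf" <<EOF
port 1194
proto udp
dev tun0
ca /etc/openvpn/pki-phones/ca.crt
cert /etc/openvpn/pki-phones/server.crt
key /etc/openvpn/pki-phones/server.key
dh /etc/openvpn/dh.pem
server 10.8.0.0 255.255.255.0
EOF
    # Instance 2: certificate AND username/password, checked through PAM.
    cat > "$dir/server-userpass.conf" <<EOF
port 1195
proto udp
dev tun1
ca /etc/openvpn/pki-users/ca.crt
cert /etc/openvpn/pki-users/server.crt
key /etc/openvpn/pki-users/server.key
dh /etc/openvpn/dh.pem
server 10.9.0.0 255.255.255.0
plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so login
EOF
}

# directive FILE NAME: print the first argument of a config directive.
directive() { awk -v d="$2" '$1 == d { print $2; exit }' "$1"; }

# check_separation CERTONLY USERPASS: fail if the instances share a port or
# a CA, or if the password instance skips the password or the certificate.
check_separation() {
    [ "$(directive "$1" port)" != "$(directive "$2" port)" ] || { echo "same port"; return 1; }
    [ "$(directive "$1" ca)" != "$(directive "$2" ca)" ] || { echo "shared CA"; return 1; }
    grep -Eq '^(plugin|auth-user-pass-verify) ' "$2" || { echo "no password check"; return 1; }
    ! grep -Eq '^(client-cert-not-required|verify-client-cert (none|optional))' "$2" || { echo "cert not required"; return 1; }
    echo ok
}

# Start each instance as its own daemon once check_separation prints "ok":
#   openvpn --config /etc/openvpn/server-certonly.conf --daemon
#   openvpn --config /etc/openvpn/server-userpass.conf --daemon
```

Clients of the second instance additionally need `auth-user-pass` in their client config; clients of the first instance need only their certificate and key issued by the phones CA.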
ASKER
Thank you, Qlemo, for your help, but I use Linux, CentOS 6.5. I need the solution for Linux, not Windows.
ASKER CERTIFIED SOLUTION
Why a "B" grade?