?
Solved

OpenVPN authentication using " user and password" or certificate

Posted on 2015-02-08
15
Medium Priority
?
406 Views
Last Modified: 2015-03-06
I need to authenticate some users in OpenVPN server using " user and password " + certificate authentication, and other some other user can be authenticated using certificates only. Which they can't enter users and passwords.
What the solution for that ? with keeping authentication using passwords available for some users.
How can i add user and password inside openvpn client configuration file. ? not in external file.
0
Comment
Question by:LizaMoly
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 5
15 Comments
 
LVL 82

Expert Comment

by:David Johnson, CD, MVP
ID: 40596894
you will probably need 2 vpn locations. One for each configuration.
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 40597092
One way is to use different OpenVPN servers, e.g. with different port.
You can do with an authentication script running on the server side, checking the certificate and deciding whether to use auth-user-pass, but that is more complex (never done myself).
0
 

Author Comment

by:LizaMoly
ID: 40597697
How can I connect two OpenVPN servers with each other ?
0
Bringing Advanced Authentication to the SMB Market

WatchGuard announces the acquisition of advanced authentication provider, Datablink, with one mission – to bring secure authentication to SMB, mid-market, and distributed enterprises with a cloud-based solution, ideal for resale via their established channel & MSSP community.

 
LVL 70

Expert Comment

by:Qlemo
ID: 40597826
Why you would like or need to do that?
0
 

Author Comment

by:LizaMoly
ID: 40598003
I have some clients cannot enter user and password "IP phones ", which support openvpn but not support external files containing username and password. It just only accept certificate authentication. So what the solution to keep handling some users must be authenticated with user and password.
Is there any way to include username and password inside the configuration file ?
I'm thinking now to specify one server for authentication using certificates only, and the other server can authenticate using username and password + certificates.
This is my situation, Any help ??
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 40598284
Reread http:#a40597092, that describes both options. You do not need to "connect two OpenVPN servers with each other", they are independant.
0
 

Author Comment

by:LizaMoly
ID: 40600163
Please Qlemo, correct the link, it's refer to this question.
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 40600176
Exactly - this is intentional, hence the reread.
Probably two servers (OpenVPN processes) on the same machine, but using different ports, is the best option for you.
0
 

Author Comment

by:LizaMoly
ID: 40600418
How can i do that ? How to run two OpenVPN processes?
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 40601838
Like this:
pushd c:\Program Files\OpenVPN
path %PATH%;C:\Program Files\OpenVPN\bin;
start /min "OVPN Cert only" openvpn -config config\server-certonly.ovpn
start /min "OVPN auth" openvpn -config config\server-userpass.ovpn
popd

Open in new window

Each OVPN file contains the appropiate configuration commands.
You might even use two different folders for OpenVPN, to keep everything separated from each other, including CA certs. Keeping the certs different prevents from users deciding they do not need to authenticate, if they gain knowledge how to do that.
0
 

Author Comment

by:LizaMoly
ID: 40603071
Thank you Qlemo for your help, but i use Linux, CentOS 6.5. I need the solution for linux not windows.
0
 
LVL 70

Accepted Solution

by:
Qlemo earned 2000 total points
ID: 40603107
Of course, sorry. But that doesn't change much. Just make sure you use the paths as needed, and start OpenVPN as background job via &. For example
/path/to/openvpn -config /path/to/config/server-cert.ovpn &
/path/to/openvpn -config /path/to/config/server-userpass.ovpn &

Open in new window

Don't know the location of binaries and data in Linux, but that should give you a start.
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 40618509
Why a "B" grade?
0

Featured Post

Enroll in August's Course of the Month

August's CompTIA IT Fundamentals course includes 19 hours of basic computer principle modules and prepares you for the certification exam. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If, like me, you have a lot of Dell servers in the estate you manage this article should save you a little time. When attempting to login to iDrac on any server I would be presented with two errors. The first reads "Do you want to run this applicati…
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Suggested Courses
Course of the Month8 days, 2 hours left to enroll

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question