Hi,

I have got about 20 virtual interfaces bound to the internal interface. Each of them represents a gateway for a VLAN segment. I must ensure a remote user (= member of a specific VLAN) can access strictly the specific VLAN when connected remotely.

If I used client authentication via shared secret, I could pair, by this key, the daemon running on the server site with the client and set up proper routing. But I'd like to use TLS. But I need a strict client with its certificate connected to only a strict running daemon. As I understood, all clients with valid certificates can connect to any daemon on the gateway (if they know the port, address, ... and have proper CA certificates, keys, ...) if they are not on the CRL.

Does anybody know how to solve the strict daemon to strict client (certificate) relationship by using TLS? (I found 2 options: 1. to create for each daemon a CRL file filled with all other certificates, or 2. to create a separate CA for each of the VLANs, but both are quite complicated :) .)

Thanks for your answer

Lumir Unzeitig