[OpenVPN home]	[Date Prev]	[Date Index]	[Date Next]
[OpenVPN mailing lists]	[Thread Prev]	[Thread Index]	[Thread Next]

Re: [Openvpn-users] Re: Post 2.0 feature request

Subject: Re: [Openvpn-users] Re: Post 2.0 feature request
From: James Yonan <jim@xxxxxxxxx>
Date: Tue, 18 Jan 2005 18:44:34 -0700 (MST)

On Tue, 18 Jan 2005, Mathias Sundman wrote:

> On Tue, 18 Jan 2005, Charles Duffy wrote:
> 
> > On Tue, 18 Jan 2005 11:18:48 +0100, Mathias Sundman wrote:
> >
> >> I have some problem with people installing OpenVPN on multiple computers
> >> and then it would be helpful to see in the server log the hostname of the
> >> client computer.
> >
> > Hmm. I just have a convention for CNs that goes like
> > <username>-<extraname>.vpn.company.com, where the key-generation
> > instructions document to the user that <extraname> should be something
> > that identifies the system they're using. (CSRs are manually reviewed
> > before signing, so IT can bounce back a certificate that fails to follow
> > this convention).
> >
> > As long as I don't use duplicate-cn, the users have plenty of motivation
> > to build extra certificates for their spare machines, and so I don't find
> > that the problem you describe is one that I have.
> 
> I don't use --duplicate-cn either. The problem is that all users don't 
> realize that using the same certificate on multiple machines causes 
> problems. They are not allowed to copy the certificate to another machine 
> at all, so even if they never connect simultainously, I want to know if 
> they connect from another machine than the allowed one.
> 
> I just think it would be useful to have some info about the connecting 
> system, like the hostname, in the server log.

I think it would be a fairly easy feature to add.  There's already a
control channel for messages like PUSH_REQUEST, PUSH_REPLY, AUTH_FAILED,
etc.  We can just make a new message type called "INFO" which either side
can send, and which upon receipt will be echoed to the logfile.

James



-------------------------------------------------------
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users

References:
- [Openvpn-users] Post 2.0 feature request
  - From: Mathias Sundman
- [Openvpn-users] Re: Post 2.0 feature request
  - From: Charles Duffy
- Re: [Openvpn-users] Re: Post 2.0 feature request
  - From: Mathias Sundman

Prev by Date: Re: [Openvpn-users] Re: Post 2.0 feature request
Next by Date: Re: [Openvpn-users] Re: Help tunneling internet connection over VPN TAP connection.
Previous by thread: Re: [Openvpn-users] Re: Post 2.0 feature request
Next by thread: Re: [Openvpn-users] Maximum PUSH options size problem
Index(es):
- Date
- Thread