|
|
Chuck Bunn wrote: > As a secondary layer of protection and as a precaution against someone > accessing a VPN through a stolen laptop (yes I know I can revoke a > certificate but what happens if the user does not report the theft > immediately) - how do I set OpenVPN to ask for a password before > connecting with the certificate. I tried 'build-key-pass' during key > generation and this did not work (I assume that it will ask for a > password before the key can be opened for viewing). I am thinking of > something along the lines of a preshared key??? To have the server require that the client provide a username/password pair, see the auth-user-pass directive. Passwords used to encrypt a key, which supported, are less valuable from a security perspective because the user can change them; having a separate username/password pair which is authenticated on the server side (rather than used to decrypt a key on the client side) is preferable. _______________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users |