Author Topic: Unique user-certificate is not unique on my box  (Read 2441 times)

MrCCL

Unique user-certificate is not unique on my box
« on: June 14, 2018, 01:30:52 am »
My OpenVPN server config is set to "Server Mode = Remote Access (SSL/TLS + User Auth)".
I've created a user certificate for every user and made a Client Export for every user (archive file with 3 files: .key, .p12 and config file).
Each user also has a unique password. I'm not using TOTP.
But I can switch the .p12 file between the users on the clients and they can still establish a VPN connection to the server using another user's .p12 file.
I thought the file was "paired" to the specific user?
« Last Edit: June 14, 2018, 07:47:53 am by MrCCL »

bartjsmit

Re: Unique user-certificate is not unique on my box
« Reply #1 on: June 15, 2018, 09:01:22 am »
I think OpenVPN only checks a certificate's status (revoked/expired), not whether the subject corresponds with the username.

https://blog.remibergsma.com/2013/02/27/improving-openvpn-security-by-revoking-unneeded-certificates/

Bart...
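
One way to bind each certificate to its user at the OpenVPN level is to compare the certificate CN with the login name when the client connects. The script below is an added example, not part of the original posts and not OPNsense's own code: a `client-connect` hook for a plain OpenVPN server, assuming each user certificate is issued with a CN equal to the username; the script path and the log tag are hypothetical.

```shell
#!/bin/sh
# Added example (not OPNsense code): OpenVPN --client-connect hook that rejects
# a session when the client certificate's CN differs from the login name.
# Assumed server directives (path is hypothetical):
#   script-security 2
#   client-connect /usr/local/etc/openvpn/cn-user-check.sh
# The hook runs after certificate and password checks have passed. OpenVPN
# exports the certificate CN as $common_name and the login as $username;
# a non-zero exit status disconnects the client.

# cn_matches_user CN USERNAME
# Returns 0 only when both values are non-empty and byte-for-byte equal.
cn_matches_user() {
    cn=$1
    user=$2
    # An empty value means the hook is miswired or the client sent no
    # username: fail closed rather than let the session through.
    [ -n "$cn" ] || return 1
    [ -n "$user" ] || return 1
    # Exact comparison on purpose: case folding could merge two accounts.
    [ "$cn" = "$user" ]
}

# Act as a hook only when OpenVPN invoked us (it sets $script_type).
if [ "${script_type:-}" = "client-connect" ]; then
    if cn_matches_user "${common_name:-}" "${username:-}"; then
        exit 0
    fi
    # A mismatch means a valid certificate was presented with someone
    # else's credentials; log it so it can be alerted on.
    logger -t openvpn-cn-check \
        "reject: cert CN '${common_name:-}' used with login '${username:-}'"
    exit 1
fi
```

A logged mismatch is worth treating as a reason to revoke the certificate involved, since it shows the .p12 file has moved between users.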