OPNsense Forum

Archive => 18.1 Legacy Series => Topic started by: MrCCL on June 14, 2018, 01:30:52 am

Title: Unique user-certificate is not unique on my box
Post by: MrCCL on June 14, 2018, 01:30:52 am
My OpenVPN server config is set to "Server Mode = Remote Access (SSL/TLS + User Auth)".
I've created a user certificate for every user and made a Client Export for every user (archive file with 3 files: .key, .p12 and the config file).
Each user also has a unique password. I'm not using TOTP.
But I can switch the .p12 file between the users on the clients and they can still establish a VPN connection to the server using another user's .p12 file.
I thought the file was "paired" to the specific user?

Title: Re: Unique user-certificate is not unique on my box
Post by: bartjsmit on June 15, 2018, 09:01:22 am
I think OpenVPN only checks a certificate's status (revoked/expired), not whether the subject corresponds with the username.

https://blog.remibergsma.com/2013/02/27/improving-openvpn-security-by-revoking-unneeded-certificates/

Bart...
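To illustrate the gap Bart describes (certificate validity is checked, the certificate-to-account pairing is not), here is an added example of a server-side hook that enforces that pairing; it is not from this thread or from OPNsense. It assumes OpenVPN runs it as an `--auth-user-pass-verify` script with method `via-env`, so the login name arrives as `$username` and the client certificate's CN as `$common_name`, and that each user's certificate was issued with a CN equal to the account name; the `--openvpn` argument and `cn_matches_user` / `verify_from_env` names are this example's own choices.

```shell
#!/bin/sh
# Constructed example: pair the login name with the client certificate CN.
# Assumptions: invoked via
#   auth-user-pass-verify "/path/to/check-cn.sh --openvpn" via-env
#   script-security 2
# and OpenVPN has exported $username (login) and $common_name (cert CN)
# before calling this script. This runs in addition to the normal password
# check; a valid password with someone else's .p12 is still rejected.

# Returns 0 when the login name matches the certificate CN, 1 otherwise.
# Comparison is exact (no case folding) and empty values are rejected, so a
# connection without a usable CN cannot pass by accident.
cn_matches_user() {
    user="$1"
    cn="$2"
    [ -n "$user" ] && [ -n "$cn" ] || return 1
    [ "$user" = "$cn" ]
}

# Entry point used when OpenVPN invokes the script: exit 0 accepts the login,
# non-zero rejects it. The log lines give the operator a clear audit trail of
# mismatches (a borrowed certificate shows up as user != CN).
verify_from_env() {
    if cn_matches_user "${username:-}" "${common_name:-}"; then
        echo "auth: certificate CN '$common_name' matches user '$username'"
        return 0
    fi
    echo "auth: REJECT user '${username:-}' presented certificate CN '${common_name:-}'" >&2
    return 1
}

# Only act on the environment when called by OpenVPN (with --openvpn);
# sourcing or running the file without it just defines the functions.
if [ "${1:-}" = "--openvpn" ]; then
    verify_from_env
    exit $?
fi
```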