OpenVPN-Admin icon indicating copy to clipboard operation
OpenVPN-Admin copied to clipboard

Published 20 hours ago verified publisher icon Chocobozzz

How to generate individual key file for each user and use the key in authentication of OpenVPN?

Open NathanZhang217 opened this issue 6 years ago • 5 comments

I'm planing to generate individual key file for each user by OpenVPN-Admin. Then all users will use key files to connect to OpenVPN. Any suggestion or sample of config file? Thanks.

NathanZhang217 avatar Dec 03 '18 21:12 NathanZhang217

You mean instead of passwords?

lagman avatar Dec 04 '18 08:12 lagman

You mean instead of passwords?

Not instead password. If possible, I'd like to use both password and key file, some kind of two factors authentication. Thanks.

NathanZhang217 avatar Dec 05 '18 15:12 NathanZhang217

see if this option on openvpn does what you need. verify-client-cert by default in this project is set to none. it takes three options:

  • none
  • optional
  • required

Take a loot at this, and see if it does what you want

lagman avatar Dec 13 '18 16:12 lagman

Thanks for the answer. Yes, by requiring verify-client-cert, I can have two factor auth of OpenVPN. After this, I still need the OpenVPN-Admin to generate and sign the key for each user. And make the key downloadable with the config files. I guess there's some PHP scripting work to do. Any help with this part?

NathanZhang217 avatar Dec 13 '18 17:12 NathanZhang217

https://github.com/Nyr/openvpn-install take a look at this script, and see how it creates a certificate, and after the cert is created using this commit https://github.com/lagman/OpenVPN-Admin/commit/0ebe5b52ea3654f9f7632172d594e01daca00a0b see how it can be added to the script

lagman avatar Dec 13 '18 17:12 lagman