easytls-client-connect.sh: If client source ip check is enabled then hardware address is unnecessary

TinCanTech / easy-tls

Manage and Inline OpenVPN TLS keys and Easy-RSA PKI credentials. Supports OpenVPN TLS-Crypt-V2 key system and OpenVPN Peer-Fingerprint mode.

GNU General Public License v2.0

87 stars 19 forks source link

easytls-client-connect.sh: If client source ip check is enabled then hardware address is unnecessary #295

Open TinCanTech opened 2 years ago

TinCanTech commented 2 years ago

easytls-client-connect.sh does recognise IP matches but -i|--client-ip-match is required to enable the check. This needs to be included in interactive script menus. Completed e488621774e3cdbcc73021e310466f1f10bfef4b

It is likely that using IP matching will work better if hardware matching is completely disabled, rather than allowing hardware mismatches. New option -z, disable hardware matching may be required.