search

idlab-discover / easy-openvpn-server

Plug-and-play OpenVPN server which generates server and client config files for you
https://snapcraft.io/easy-openvpn-server
GNU Affero General Public License v3.0
69 stars 9 forks source link

password protection #10

Open gruz123 opened 2 years ago

gruz123 commented 2 years ago

Hi, it's greate! thanks! How can assing password protection?

merlijn-sebrechts commented 2 years ago

Hi @gruz123! This is currently not possible. Why do you want to use password protection?

The default protection using SSL certificates and private key cryptography is more secure than passwords. Each user has a separate .ovpn config file which includes a (user-specific) private key, an SSL certificate and a shared secret. If you give each users their separate .ovpn config file, there is no need for additional protection using passwords.

gruz123 commented 2 years ago

Hi @gruz123! This is currently not possible. Why do you want to use password protection?

The default protection using SSL certificates and private key cryptography is more secure than passwords. Each user has a separate .ovpn config file which includes a (user-specific) private key, an SSL certificate and a shared secret. If you give each users their separate .ovpn config file, there is no need for additional protection using passwords.

in my case it's very important. Some pc use several diferent .ovpn config for several servers, also incase if someone get access to pc, it get access to network.

merlijn-sebrechts commented 2 years ago

I think the best way to solve this issue is to implement PAM or LDAP authentication. I currently don't have time to implement this, but I'll put it on the wishlist.

For reference, if anyone wants to implement this: https://openvpn.net/community-resources/using-alternative-authentication-methods/