
On our current basic OpenVPN (on Windows) setup, we are using common client certificates for all clients. In order to introduce some kind of security, what are the possible measures I can take? Alongside the following option?

  • Can I remotely replace the client.cert file on the client (through the OpenVPN connection - upload a custom client.cert file to the client from the server)?

Secondly:

  • Can we change static Virtual IP settings in the client.ovpn config file remotely (through the OpenVPN connection)? So that the first time, a client may connect to the OpenVPN server with any virtual IP, and then some application (maintaining virtual IPs) may set an available Virtual IP in client.ovpn?
theGeekster

1 Answer


OpenVPN doesn't provide a mechanism to modify client configuration remotely. If the clients have some kind of remote access configured like SSH or RDP you could do this, but if you mess it up you'll lose the client and have to recover it out of band.

You shouldn't be setting static IPs on the client side -- either have the server allocate addresses dynamically, or configure the static addresses on the server where you can easily change them.

mgorven
  • What if I have telnet access to the client? Shall I be able to replace client.cert via telnet? My purpose in doing this is to install custom certs on each client to make it secure. I have been reading on the net that in the client.ovpn file, we can set a static virtual IP and the client will always be assigned that IP when connecting to oVPN. This is what I want to do after the client is first connected to the server. Am I thinking right or not? – theGeekster Feb 07 '13 at 19:18
  • @theGeekster Sure, if you have telnet access you could change the certs. You still shouldn't configure static IPs on the client side, rather configure the server to hand out specific IPs to specific clients. – mgorven Feb 07 '13 at 19:19
  • Is there any possibility to change certs on oVPN clients without telnet? In fact, I am having an issue with setting up telnet on my oVPN server [Ref: http://serverfault.com/questions/477520/issue-with-setting-up-telnet-management-on-open-vpn-server]. Any link/help in configuring the server to hand out specific IPs to specific clients, please? – theGeekster Feb 11 '13 at 06:22
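
Added example (not part of the original thread): the server-side assignment the answer recommends is done in OpenVPN with `client-config-dir` files named after each certificate's Common Name, so it only works once every client has its own certificate instead of a shared one. The Python helper below generates and validates those files; the subnet, client names and `ccd` directory are assumptions.

```python
import ipaddress
from pathlib import Path

# Assumed matching lines in the server config (values are examples):
#   topology subnet
#   server 10.8.0.0 255.255.255.0
#   client-config-dir ccd
#   ccd-exclusive     # a client without a ccd file is refused
# "duplicate-cn" must NOT be set: one certificate (one CN) per client.

VPN_NET = ipaddress.ip_network("10.8.0.0/24")  # constructed sample subnet
SERVER_IP = VPN_NET.network_address + 1        # taken by the server itself


def build_ccd(assignments, net=VPN_NET):
    """Map {common_name: ip} to {common_name: ccd file text}.

    Raises ValueError for unsafe names, unusable or duplicate addresses.
    """
    reserved = {net.network_address, net.broadcast_address, SERVER_IP}
    used, files = {}, {}
    for cn, ip_text in assignments.items():
        # The CN becomes a file name, so refuse anything path-like.
        safe = cn and all(c.isalnum() or c in "-_." for c in cn)
        if not safe or cn.startswith("."):
            raise ValueError(f"unsafe common name: {cn!r}")
        ip = ipaddress.ip_address(ip_text)  # ValueError if malformed
        if ip not in net or ip in reserved:
            raise ValueError(f"{ip} is not a usable address in {net}")
        if ip in used:
            raise ValueError(f"{ip} assigned to both {used[ip]} and {cn}")
        used[ip] = cn
        # With "topology subnet" the directive is: ifconfig-push <ip> <mask>
        files[cn] = f"ifconfig-push {ip} {net.netmask}\n"
    return files


def write_ccd(assignments, ccd_dir):
    """Validate everything first, then write one file per client CN."""
    files = build_ccd(assignments)
    target = Path(ccd_dir)
    target.mkdir(parents=True, exist_ok=True)
    for cn, text in files.items():
        (target / cn).write_text(text)
    return sorted(files)


if __name__ == "__main__":
    # Constructed sample mapping of certificate CNs to fixed addresses.
    print(write_ccd({"client-a": "10.8.0.10", "client-b": "10.8.0.11"}, "ccd"))
```

Changing a client's address then means editing one file on the server; the client picks it up on its next connection and its own config never needs to be touched.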