VPN clients

[latrosicarius]

Hello, I was reading this informative guide on how to set up OpenVPN server/clients and I have a question that maybe someone here knows.

It says you have to make a clientX.ovpn certificate for every client that you want. E.g.: client1.ovpn, client2.ovpn, client3.ovpn, etc.

My question is, what is this based on? Do you really need a unique one for each separate PC? If I want to just have an "anon" account, can't I just make an anon.ovpn and give it to all the clients?

Thanks

[Moby-Dick]

not delt with OpenVPN before , but I'm pretty sure that in a PKI type setup each client needs its own key ?

you coudl alwasy got for a PPTP type VPN or one based on a shared secret

[latrosicarius]

I've never used either so it's all new to me

Hmm, but how could it tell that it wasn't the same client that just moved to a different location?

[gman1981]

I've never used either so it's all new to me

Hmm, but how could it tell that it wasn't the same client that just moved to a different location?

I don't think that's the point. The certificate is used to make sure the device authenticating has got a certificate that has been allowed by the VPN server. I don't think the server cares what device it is as long as the certificate is valid.

[latrosicarius]

I don't think that's the point. The certificate is used to make sure the device authenticating has got a certificate that has been allowed by the VPN server. I don't think the server cares what device it is as long as the certificate is valid.

So what does that mean? That I can use the same client cert on all my clients?
Thanks

[gman1981]

I think so. I think I'm right in saying that the certificate is not checked against the client but against the authenticating server. Therefore the server probably doesn't care whether the certificate is for a particular client or not.
Although having thought about it I'm now not 100% sure

[latrosicarius]

Okay, the answer is no. I just tried it out, and, for whatever reasson, OpenVPN will disconnect the first computer connected by client1, if another computer logs in with client1.

thanks for your inputs

[mountainmachine]

Hello, I was reading this informative guide on how to set up OpenVPN server/clients and I have a question that maybe someone here knows.

It says you have to make a clientX.ovpn certificate for every client that you want. E.g.: client1.ovpn, client2.ovpn, client3.ovpn, etc.

My question is, what is this based on? Do you really need a unique one for each separate PC? If I want to just have an "anon" account, can't I just make an anon.ovpn and give it to all the clients?

Thanks

Interesting link am thinking about setting up some VPN myself so files can be accessed when i'm away from home etc. So let us know how this goes, i'm watching keenly.

[latrosicarius]

mountainmachine, it works, but here's the deal:

Each client has a certificate and a key file, which corresponds to the same file on the server.

So for instance, mine is called "client1". It works great, but only one computer can be logged in as client1 at any given time. If a second computer logs in as client1, it will disconnect the first.

Therefore you will have to do "client2" instead on the other computer, if you plan on connecting both at the same time.

Here is my current problem... I have 2 people who connect to my server. According to the online info I was reading, they are both supposed to have a full internet connection, but it will be routed THROUGH the server's internet connection.

The problem I have is one of the people's computer connects to the server fine, but maintains it's current IP address so it's not routing all traffic through my server ???

And the other person's computer connects to the server fine as well, but loses all other internet connectivity.

I believe these are both common problems, but I have yet to find an answer that will make them both route thru my server's connection like they are supposed to.