Openvpn with username and password
There's a directive you can use in your server.conf
, depending on your OpenVPN version.
-
client-cert-not-required:
Makes your VPN a less secure as the cert is not required to authenticate (deprecated).
-
verify-client-cert none|optional|require:
Using verify-client-cert none is the equivalent of the aforementioned option.
Source Link: Click here
Kamal Panhwar
I am Full Stack Ruby On Rails/NodeJS/Php Developer and A VoIP/DevOps Engineer experience having various technical skills Linux, Apache, Mysql, Postgres, MongoDB, NodeJS Deployment of Solutions, Security and Monitoring, Nagios, Monit, Opensips, Asterisk, AngularJS, ReactJS, React Native, Api development etc. I am a Strong believer in Open Source clean code development, focus in quality and reusability. I am a lover of Agile Principles, Test Driving Development and practices. Have been using Ruby on Rails, PHP and Javascript. I always try to be up-to-date in the IT World. I was always divided into programming and system administration, so have very strong skills in Linux systems with respect to security and VoIP telecommunications software. Specialties: Strong background in IT management, recruiting, policy making, Managing Mobile application development, Designing and optimisation database structure, software architecture experience in enterprise size environment, comfort with and understanding of version control and continuous integration, strong Object Oriented Design and Functional programming. Currently working on Ruby on Rails, ELixir/Phoenix Framework and PHP. Knowledge of SQLite, MySQL, MSSQL and other similar databases. Worked on different technologies PHP, Javascript, web technologies, Elixr, Phoenix and many frameworks. Web service expertise SOAP, REST, JSON, XML and wide exposure to third-party libraries and API integrations. Strong understanding of Unit Testing. Ability to build and guide the technology team and resolve any issue that arises. Mentoring juniors, code review, best practice, security policy implementations, helping juniors to code better, git code reviews. My Youtube Channel My linkedin Profile
Updated on June 24, 2022Comments
-
Kamal Panhwar almost 2 years
I have configure OpenVPN it is working fine. But I always need to import configuration and it has ca certificate, I enabled username and password authentication. But still I need to add this certificate.
How can I connect openvpn without certificate and configuration but only username and password.
Server Configuration
port 1194 proto udp dev tun sndbuf 0 rcvbuf 0 ca /etc/openvpn/ca.crt cert /etc/openvpn/server.crt key /etc/openvpn/server.key dh /etc/openvpn/dh.pem auth SHA512 tls-auth /etc/openvpn/ta.key 0 topology subnet server 10.8.0.0 255.255.255.0 ifconfig-pool-persist ipp.txt push "redirect-gateway def1 bypass-dhcp" push "dhcp-option DNS 94.237.127.99" push "dhcp-option DNS 94.237.40.99" keepalive 10 120 cipher AES-256-CBC user nobody group nogroup persist-key persist-tun status openvpn-status.log verb 4 crl-verify /etc/openvpn/crl.pem --verify-client-cert none log-append /var/log/openvpn.log script-security 2 auth-user-pass-verify /etc/openvpn/example.sh via-file
client configuration
client dev tun proto udp sndbuf 0 rcvbuf 0 remote 94.237.88.154 1194 resolv-retry 5 nobind persist-key persist-tun remote-cert-tls server auth SHA512 cipher AES-256-CBC setenv opt block-outside-dns key-direction 1 verb 3 auth-user-pass script-security 2 <ca> -----BEGIN CERTIFICATE----- ### ### -----END CERTIFICATE-------
Now when I import this file and use my userid and password it connect, but I want to connect openvpn client without importing this client file and only providing username and password.
-
U. Windl almost 5 yearsI think this answer is unrelated to the question.
-
Ivan Montilla Miralles almost 5 yearsWith all due respect, I don't think it's unrelated. He's asking how to do username/password authentication without requiring certificate authentication. This setting allows exactly that. How is it unrelated?
-
josoler almost 5 yearsI think the question here is how clients should connect to the VPN with no certificate
-
Ivan Montilla Miralles almost 5 years@josoler Yup, that's right. But if the server requires the certificate, there's nothing he can do, except applying my solution. So he must remove certificate validation/requirement on the server side, in order to achieve that.