OpenVPN 2 Cookbook

Using a 'tls-verify' script


OpenVPN has several layers at which the credentials of a connecting client are verified. It is even possible to add a custom layer to the verification process by specifying a tls-verify script. In this recipe, we will demonstrate how such a script can be used to allow access only for a particular certificate.
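A minimal sketch of such a hook, added here as an illustration and not taken from the book's recipe. It relies on OpenVPN calling the `tls-verify` command as `cmd certificate_depth subject` and treating exit status 0 as "accept"; the allowed name `client1.example` and the function names are hypothetical. It accepts both the `/C=.../CN=...` subject rendering used up to OpenVPN 2.2 and the `C=..., CN=...` rendering used from 2.3 on, compares the CN exactly rather than by substring, and fails closed on malformed input.

```shell
#!/bin/sh
# Added example: tls-verify hook that admits exactly one client certificate.
# OpenVPN runs it once per certificate in the chain as:
#   <script> <certificate_depth> <subject>
# ALLOWED_CN is a constructed placeholder, not a value from the recipe.
ALLOWED_CN="client1.example"

# Print every CN value found in a subject string, one per line.
# Handles "/C=NL/O=Org/CN=name" as well as "C=NL, O=Org, CN=name".
subject_cns() {
    printf '%s\n' "$1" | sed 's|, |/|g' | tr '/' '\n' | sed -n 's/^CN=//p'
}

# Return 0 to accept the certificate, 1 to reject it.
verify_cert() {
    depth=$1
    subject=$2

    # Fail closed on a missing or non-numeric depth.
    case "$depth" in
        ''|*[!0-9]*) return 1 ;;
    esac

    # Depth > 0 is a CA certificate in the chain; this hook only
    # restricts the peer certificate at depth 0.
    if [ "$depth" -gt 0 ]; then
        return 0
    fi

    # Require exactly one CN so an extra CN field cannot slip through.
    count=$(subject_cns "$subject" | wc -l)
    [ "$count" -eq 1 ] || return 1

    # Exact comparison: "client10.example" must not match "client1.example".
    cn=$(subject_cns "$subject")
    [ "$cn" = "$ALLOWED_CN" ]
}

# Act as a hook only when OpenVPN supplied both arguments.
if [ "$#" -ge 2 ]; then
    verify_cert "$1" "$2"
    exit $?
fi
```

The script must be executable by the user the OpenVPN server runs as, and any non-zero exit aborts the TLS handshake for that client.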

Getting ready

Install OpenVPN 2.1 or higher on two computers. Make sure the computers are connected over a network. Set up the client and server certificates using the first recipe from Chapter 2, Client-server IP-only network. For this recipe, the server computer was running CentOS 5 Linux and OpenVPN 2.1.1. The client was running Windows 2000 and OpenVPN 2.1.1. Keep the client configuration file, basic-udp-client.ovpn, from the Chapter 2 recipe Using an 'ifconfig-pool' block at hand.

How to do it...

  1. Create the server configuration file:

    proto udp
    port 1194
    dev tun
    
    server 192.168.200.0 255.255.255.0
    
    ca       /etc/openvpn/cookbook/ca.crt
    cert     /etc/openvpn...