openvpn woes

Corey Edwards tensai at zmonkey.org
Wed Nov 9 10:33:25 MST 2005


On Wed, 2005-11-09 at 10:16 -0700, Andrew McNabb wrote:
> On Wed, Nov 09, 2005 at 09:16:39AM -0700, Corey Edwards wrote:
> > > On Wed, Nov 09, 2005 at 08:23:36AM -0700, Hans Fugal wrote:
> > > > 
> > > > Provided you're using the server mode (which implies TLS). If you are
> > > > using e.g. preshared keys then you'd have to run a second daemon on the
> > > > "server" peer (with its own tun).
> > 
> > TLS is the way to go. First, a few references.
> >         
> 
> That's what I've been doing all along.  My question, though, is what is
> the setup that requires a second server daemon?

If the server is configured to use a secret key, it can handle only one
connection to one peer. I gather that it's something to do with the
protocol. In order to add another client (be it TLS or shared secret)
you would need a second daemon running on a new port.

Corey
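
The layout described in this message, as an added example that is not part of the original post: two static-key daemons, one per peer, next to a single TLS server-mode daemon. File names, key and certificate paths, ports and tunnel addresses are constructed for illustration.

```conf
# --- peer-a.conf (hypothetical file name) ---
# Static-key mode is point-to-point: this daemon serves exactly one peer.
dev tun0
proto udp
port 1194
# Local and remote tunnel endpoints (constructed addresses).
ifconfig 10.8.1.1 10.8.1.2
# Pre-shared key known only to this peer.
secret /etc/openvpn/peer-a.key

# --- peer-b.conf (hypothetical file name) ---
# A second peer needs its own daemon, its own port and its own tun device.
dev tun1
proto udp
port 1195
ifconfig 10.8.2.1 10.8.2.2
# Separate key per peer, so replacing one key does not affect the other tunnel.
secret /etc/openvpn/peer-b.key

# --- server.conf (hypothetical file name) ---
# TLS server mode: one daemon on one port accepts many clients.
dev tun
proto udp
port 1194
# Enables multi-client server mode and hands out addresses from this pool.
server 10.8.0.0 255.255.255.0
# Each client authenticates with its own certificate signed by this CA.
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh.pem
```

Each of the three sections is a separate configuration file started as its own `openvpn --config <file>` process; the two static-key files are the "second daemon" case, the last one replaces both.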
