openvpn woes

Hans Fugal hans at fugal.net
Wed Nov 9 10:54:56 MST 2005


On Wed,  9 Nov 2005 at 10:33 -0700, Corey Edwards wrote:
> On Wed, 2005-11-09 at 10:16 -0700, Andrew McNabb wrote:
> > On Wed, Nov 09, 2005 at 09:16:39AM -0700, Corey Edwards wrote:
> > > > On Wed, Nov 09, 2005 at 08:23:36AM -0700, Hans Fugal wrote:
> > > > > 
> > > > > Provided you're using the server mode (which implies TLS). If you are
> > > > > using e.g. preshared keys then you'd have to run a second daemon on the
> > > > > "server" peer (with its own tun).
> > > 
> > > TLS is the way to go. First, a few references.
> > >         
> > 
> > That's what I've been doing all along.  My question, though, is what is
> > the setup that requires a second server daemon?
> 
> If the server is configured to use a secret key, it can handle only one
> connection to one peer. I gather that it's something to do with the
> protocol. In order to add another client (be it TLS or shared secret)
> you would need a second daemon running on a new port.

Plus the fact that the original design was one-to-one, and then they
added server mode with TLS (because really anyone doing many-to-one
should be using the more secure TLS anyway), and there was much
rejoicing. 

Basically, see the manpage in the --server section.

-- 
Hans Fugal ; http://hans.fugal.net
 
There's nothing remarkable about it. All one has to do is hit the 
right keys at the right time and the instrument plays itself.
    -- Johann Sebastian Bach
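
The two setups discussed in this thread, sketched as OpenVPN config files on the "server" peer. This is an added example, not part of the original messages; the file names, tunnel addresses, key and certificate paths, and the second port (1195) are assumptions chosen for illustration.

```conf
# ---- static-a.conf : preshared (static) key, peer A only ----
# Static-key mode is strictly point-to-point: this daemon talks to
# exactly one remote peer, the one holding a copy of peer-a.key.
dev tun0
proto udp
port 1194
ifconfig 10.8.0.1 10.8.0.2      # local and remote tunnel endpoints
secret peer-a.key               # made with: openvpn --genkey --secret peer-a.key

# ---- static-b.conf : a second daemon for peer B ----
# Adding another peer means another process with its own tun device,
# its own port and (so peers cannot read each other's traffic) its own key.
dev tun1
proto udp
port 1195
ifconfig 10.8.1.1 10.8.1.2
secret peer-b.key

# ---- server.conf : server mode, many clients on one daemon ----
# The "server" helper directive turns on multi-client server mode and
# TLS (it expands to "mode server" and "tls-server", among others), so
# every client authenticates with its own certificate instead of a
# shared secret, and one port and one tun device serve all of them.
dev tun
proto udp
port 1194
server 10.8.0.0 255.255.255.0   # address pool handed out to clients
ca ca.crt                       # CA that signed the client certificates
cert server.crt
key server.key                  # keep this file readable by root only
dh dh.pem
```

With the static-key layout, anyone who obtains a key file can both impersonate that peer and decrypt its captured traffic, which is one reason the thread recommends TLS for many-to-one setups.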