Using a tls-verify script
OpenVPN has several layers in which the credentials of a connecting client are verified. It is even possible to add a custom layer to the verification process by specifying a tls-verify script. In this recipe, we will demonstrate how such a script can be used to allow access only for a particular certificate.
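A sketch of such a script, added here as an illustration and not taken from the recipe itself. OpenVPN runs a tls-verify command once per certificate in the chain, passing the certificate depth and the X.509 subject as arguments; the allowed subject below is a constructed placeholder.

```shell
#!/bin/sh
# Added example of a tls-verify hook. OpenVPN invokes it as:
#   <script> <certificate_depth> <subject>
# Exit status 0 accepts the certificate at that depth; anything else
# aborts the TLS handshake.

# Assumption: constructed subject. Copy the exact subject string that
# your OpenVPN server logs for the client certificate you want to allow.
ALLOWED_SUBJECT="C=NL, O=Example, CN=client1"

verify_cert() {
    depth="$1"
    subject="$2"

    # Fail closed on a missing or non-numeric depth.
    case "$depth" in
        ''|*[!0-9]*) return 1 ;;
    esac

    # Fail closed on an empty subject.
    [ -n "$subject" ] || return 1

    # Depth > 0 is a CA certificate in the chain. OpenVPN has already
    # validated the chain against the configured CA, so let it pass.
    [ "$depth" -eq 0 ] || return 0

    # Depth 0 is the client certificate: require an exact string match.
    # No pattern or substring matching, so "CN=client10" cannot pass as
    # "CN=client1".
    [ "$subject" = "$ALLOWED_SUBJECT" ]
}

# Dispatch when called with arguments or when OpenVPN has set
# script_type in the environment. Missing arguments then reach
# verify_cert as empty strings and are rejected.
if [ "$#" -gt 0 ] || [ -n "${script_type:-}" ]; then
    verify_cert "$1" "$2"
    exit $?
fi
```

On the server, a script like this is referenced with the tls-verify directive, and script-security must be set to 2 or higher for OpenVPN to execute it.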
Getting ready
Install OpenVPN 2.3 or higher on two computers. Make sure that the computers are connected over a network. Set up the client and server certificates using the Setting up the public and private keys recipe from Chapter 2, Client-server IP-only Networks. For this recipe, the server computer was running Fedora 22 Linux and OpenVPN 2.3.10. The client was running Windows 7 64-bit and OpenVPN 2.3.10. For the client, keep the client configuration file, basic-udp-client.ovpn, from the Using an ifconfig-pool block recipe, from Chapter 2, Client-server IP-only Networks.
How to do it...
Create the server configuration file:
proto udp port...