[ previous ] [ next ] [ threads ]
 
 From:  Peter Curran <lists at closeconsultants dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] OpenVPN authentication
 Date:  Fri, 3 Dec 2004 10:54:54 +0000
Henning

> We're building a partly messhed VPN-network, as we are going to
> implement out internal telephony as a VoIP-solution.
> - our internal calls has to go thru the VPN's and the rest directly to
> our external VoIP provider.
>
I would be very interested to hear how this works out for you - I am looking 
at implementing a similar setup for some of my customers and would like to 
get a feeling for performance issues.

> Isn't there a way to refuse certain certificates access without
> recreating all certificates?
>
Yes - through a revocation list.

I am working on this feature for inclusion in a future beta, as well as 
per-client configuration based on client certificates.  This will not be out 
for the next beta as the priority is currently focused on re-integration of 
the OpenVPN package without relying on (messing up) the optional interfaces 
configuration.

You will need to publish a CRL with the revoked certs on and then import into 
the system via the webGUI.

Peter


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.