What we have done until now is securing the tunnel by using strong encryption and client and server certificates. However, these certificates do only secure the machine they were created for. You may argue, what about password protection? That is a fair point, but today central authentication is an important focus of any IT. Thus, a password stored in a certificate created years ago may be difficult to remember. I prefer the two-stage scenario of client and server certificates plus authentication of the client user at logon. All of the GUIs presented in the next chapter support these methods. Let's roll!
Using authentication methods
We have learned before that OpenVPN can be used with authentication based on shared secrets (static ...