Chapter 6. Certificates and Authentication

There are many methods of authentication available within OpenVPN. At its introduction, OpenVPN supported only a simple pre-shared key but today supports X.509 certificate chains, user and password authentication, and third-party authentication plugins and scripts. Each of these can be used separately, or they can be combined to form a robust authentication and authorization framework.

Along with robustness, complexity creates potential confusion and adds difficulty in troubleshooting authentication issues, understanding how the individual components affect the connection process and where logic is applied in accepting or rejecting a client or user.

Mismanagement of your PKI can have great consequences, ...

Get Troubleshooting OpenVPN now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.