This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL VPN without client cert - username / password auth only?

Hello,

I would like to authenticate SSL VPN Users only via there username and password.

If possible it would be nice to have a shared clients cert for all of our users.

Since the VPN config will be deployed to shared devices this is necessary.

 

Thanks

Philipp



This thread was automatically locked due to age.
Parents
  • Hi Philipp,

    OpenVPN (the underlying technology) can do SSL VPN connections without using a certificate but is classed as insecure by themselves. The Web Console itself for UTM 9 does not give you the ability to do a non-cert authentication for connection but there may be other ways to do this which would void the support of the UTM. Additionally if you were to make this work through changing the backend yourself, every new update will/potentially undo all of the changes you've made.

    The certificates are bound to each user identity as to the way the UTM is configured right now and again, OpenVPN can do 1 cert for all clients but the UTMs' console will not allow you to set this.

    That is my understanding however, there may be other ways round that another user here may have found :)

    Emile

Reply
  • Hi Philipp,

    OpenVPN (the underlying technology) can do SSL VPN connections without using a certificate but is classed as insecure by themselves. The Web Console itself for UTM 9 does not give you the ability to do a non-cert authentication for connection but there may be other ways to do this which would void the support of the UTM. Additionally if you were to make this work through changing the backend yourself, every new update will/potentially undo all of the changes you've made.

    The certificates are bound to each user identity as to the way the UTM is configured right now and again, OpenVPN can do 1 cert for all clients but the UTMs' console will not allow you to set this.

    That is my understanding however, there may be other ways round that another user here may have found :)

    Emile

Children