Adjustments

Some settings are not presented in the wizard but might be a better fit for some situations than the defaults chosen by the wizard.

Server Mode

The OpenVPN Server Mode selects whether clients must present a certificate, a username and password, or both. The wizard defaults to Remote Access (SSL/TLS + User Auth). The possible values for this choice and their advantages are:

  • Remote Access (SSL/TLS + User Auth)
    • Requires both certificates AND username/password
    • Each user has a unique client configuration that includes their personal certificate and key.
    • Most secure as there are multiple factors of authentication (TLS Key and Certificate that the user has, and the username/password they know)
  • Remote Access (SSL/TLS)
    • Certificates only, no username/password authentication
    • Each user has a unique client configuration that includes their personal certificate and key.
    • Useful if clients should not be prompted to enter a username and password
    • Less secure as it relies only on something the user has (TLS key and certificate)
  • Remote Access (User Auth)
    • Authentication only, no certificates
    • Useful if the clients should not have individual certificates
    • Commonly used for external authentication (RADIUS, LDAP)
    • All clients can use the same exported client configuration and/or software package
    • Less secure as it relies on a shared TLS key plus only something the user knows (Username/password)
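The three modes above differ in which OpenVPN directives end up in the generated server configuration. The following script is an added example, not part of the pfSense documentation or code base: given a server configuration file, it reports which of the three wizard modes the file amounts to, and flags the User Auth case when the shared TLS key (tls-auth/tls-crypt) that mode depends on is missing. It assumes the standard OpenVPN directives named in the comments; the three sample configurations it builds are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the pfSense documentation. Classifies an OpenVPN
# server configuration into one of the three wizard server modes from the
# directives it contains. Assumed mapping (standard OpenVPN directives):
#   username/password check  -> auth-user-pass-verify or plugin
#   certificate not required -> verify-client-cert none|optional, or the
#                               older client-cert-not-required
#   shared TLS key           -> tls-auth, tls-crypt or tls-crypt-v2
set -eu

# $1 = config file, $2 = extended regex matching the directive name(s)
has_directive() {
  grep -Eq "^($2)([[:space:]]|$)" "$1"
}

# Prints the wizard mode name that matches the directives in the file.
openvpn_server_mode() {
  conf=$1
  user_auth=0; certs=1; shared_key=0
  has_directive "$conf" 'auth-user-pass-verify|plugin' && user_auth=1
  has_directive "$conf" 'verify-client-cert[[:space:]]+(none|optional)|client-cert-not-required' && certs=0
  has_directive "$conf" 'tls-auth|tls-crypt|tls-crypt-v2' && shared_key=1

  if [ "$certs" -eq 1 ] && [ "$user_auth" -eq 1 ]; then
    echo "Remote Access (SSL/TLS + User Auth)"
  elif [ "$certs" -eq 1 ]; then
    echo "Remote Access (SSL/TLS)"
  elif [ "$user_auth" -eq 1 ]; then
    if [ "$shared_key" -eq 1 ]; then
      echo "Remote Access (User Auth)"
    else
      # Nothing left but the password: the shared TLS key was the other factor.
      echo "Remote Access (User Auth) WITHOUT tls-auth/tls-crypt"
    fi
  else
    echo "Unauthenticated: neither certificates nor user auth required"
  fi
}

# Constructed sample configurations (paths are placeholders, not real files).
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

cat > "$WORK/both.conf" <<'EOF'
dev tun
tls-server
ca /path/to/ca.crt
cert /path/to/server.crt
key /path/to/server.key
tls-crypt /path/to/tls.key
verify-client-cert require
auth-user-pass-verify /path/to/auth.sh via-env
EOF

cat > "$WORK/certs-only.conf" <<'EOF'
dev tun
tls-server
ca /path/to/ca.crt
cert /path/to/server.crt
key /path/to/server.key
tls-auth /path/to/tls.key 0
verify-client-cert require
EOF

cat > "$WORK/userauth-only.conf" <<'EOF'
dev tun
tls-server
ca /path/to/ca.crt
cert /path/to/server.crt
key /path/to/server.key
tls-auth /path/to/tls.key 0
verify-client-cert none
username-as-common-name
auth-user-pass-verify /path/to/auth.sh via-env
EOF

for f in both certs-only userauth-only; do
  printf '%-20s %s\n' "$f.conf:" "$(openvpn_server_mode "$WORK/$f.conf")"
done
```

Run it against an exported or generated server configuration to confirm the mode actually in effect matches the one chosen in the GUI; the last branch catches a file that requires neither factor.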

Certificate Revocation

Compromised certificates can be revoked by creating a Certificate Revocation List (CRL) under System > Cert Manager on the Certificate Revocation tab, adding the compromised certificate to that CRL, and then selecting the CRL in the OpenVPN server settings.
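What the Cert Manager does behind the GUI can be reproduced with plain openssl. The script below is an added example, not part of the pfSense documentation: it builds a throwaway CA, issues one client certificate, generates a CRL, revokes the certificate, regenerates the CRL, and checks that CRL-aware verification accepts the certificate before revocation and rejects it afterwards. The CA, subject names and file layout are constructed for the example; the only assumption is a local openssl with the ca, req and verify subcommands.

```shell
#!/bin/sh
# Added example, not part of the pfSense documentation. Demonstrates with
# openssl what adding a certificate to a CRL does: build a throwaway CA,
# issue a client certificate, revoke it, and show that CRL checking rejects it.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# Minimal on-disk state that "openssl ca" expects (constructed, not a real CA).
mkdir newcerts
: > index.txt
echo 1000 > serial
echo 1000 > crlnumber

cat > ca.cnf <<'EOF'
[ ca ]
default_ca       = demo_ca
[ demo_ca ]
dir              = .
database         = $dir/index.txt
new_certs_dir    = $dir/newcerts
serial           = $dir/serial
crlnumber        = $dir/crlnumber
certificate      = $dir/ca.crt
private_key      = $dir/ca.key
default_md       = sha256
default_days     = 365
default_crl_days = 30
policy           = demo_policy
[ demo_policy ]
commonName       = supplied
[ req ]
distinguished_name = req_dn
[ req_dn ]
EOF

# Self-signed CA certificate and key.
openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
  -subj "/CN=demo-ca" -days 365 -addext "basicConstraints=critical,CA:TRUE" \
  -config ca.cnf >/dev/null 2>&1

# One client certificate ("alice"), signed by the CA.
openssl req -newkey rsa:2048 -nodes -keyout client.key -out client.csr \
  -subj "/CN=alice" -config ca.cnf >/dev/null 2>&1
openssl ca -batch -config ca.cnf -in client.csr -out client.crt >/dev/null 2>&1

# Regenerate the CRL from the CA database; the GUI does this when a CRL is saved.
regen_crl() {
  openssl ca -config ca.cnf -gencrl -out ca.crl >/dev/null 2>&1
}

# Prints "valid" or "revoked": does client.crt pass chain validation with
# CRL checking enabled against the current CRL?
check_client() {
  if openssl verify -crl_check -CAfile ca.crt -CRLfile ca.crl client.crt >/dev/null 2>&1; then
    echo valid
  else
    echo revoked
  fi
}

regen_crl
BEFORE=$(check_client)

# Revoke the client certificate and publish a new CRL that lists it.
openssl ca -config ca.cnf -revoke client.crt >/dev/null 2>&1
regen_crl
AFTER=$(check_client)

echo "before revocation: $BEFORE"
echo "after revocation:  $AFTER"
```

The second regen_crl step is the part that matters operationally: a revocation only takes effect once a CRL containing it is regenerated and the server is using that CRL, which is why the CRL has to be selected in the OpenVPN server settings.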