Using a 'tls-verify' script
OpenVPN has several layers at which the credentials of a connecting client are verified. It is even possible to add a custom layer to the verification process by specifying a tls-verify script. In this recipe, we will demonstrate how such a script can be used to allow access only for a particular certificate.
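As an added illustration (not the script from this recipe), a minimal tls-verify script that admits a single certificate could look like the following. OpenVPN appends the certificate depth and the X509 subject to the command and treats exit status 0 as "accept"; the subject value and the function name verify_cert are constructed placeholders chosen for this sketch.

```shell
#!/bin/sh
# Added example, not the recipe's own script.
# OpenVPN calls the tls-verify command with two extra arguments:
#   $1 = certificate depth, $2 = X509 subject string.
# Exit status 0 accepts the certificate, non-zero rejects it.

# Constructed placeholder. Replace with the exact subject string your
# OpenVPN version logs for the permitted client (the formatting of the
# subject differs between OpenVPN versions).
ALLOWED_SUBJECT="/C=XX/O=Example/CN=client1"

verify_cert() {
    # Fail closed on anything other than exactly two arguments.
    [ "$#" -eq 2 ] || return 1
    depth=$1
    subject=$2

    case "$depth" in
        0)  # Depth 0 is the peer's own certificate: exact match only.
            # A substring test such as *CN=client1* would also accept
            # CN=client10, or a subject carrying that text in another field.
            [ "$subject" = "$ALLOWED_SUBJECT" ] ;;
        *[!0-9]*|'')  # Empty or non-numeric depth: reject.
            return 1 ;;
        *)  # Depth 1 and up are CA certificates, which OpenVPN has
            # already checked against the configured 'ca' file.
            return 0 ;;
    esac
}

# When invoked by OpenVPN (arguments present), decide and exit.
if [ "$#" -gt 0 ]; then
    verify_cert "$@"
    exit $?
fi
```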
Getting ready
Install OpenVPN 2.1 or higher on two computers. Make sure the computers are connected over a network. Set up the client and server certificates using the first recipe from Chapter 2, Client-server IP-only network. For this recipe, the server computer was running CentOS 5 Linux and OpenVPN 2.1.1. The client was running Windows 2000 and OpenVPN 2.1.1. Keep the client configuration file, basic-udp-client.ovpn, from the Chapter 2 recipe Using an 'ifconfig-pool' block at hand.
How to do it...
Create the server configuration file:
proto udp
port 1194
dev tun
server 192.168.200.0 255.255.255.0
ca /etc/openvpn/cookbook/ca.crt
cert /etc/openvpn...