Using Authentication Methods
We learned earlier that OpenVPN can authenticate using shared secrets (static keys) or X.509 certificates. Another useful option is an authentication plug-in, called with the configuration parameter auth-user-pass-verify, which can be combined with either of those methods. For example, in a certificate-based VPN, we can use an authentication plug-in to make sure that only a user who knows the appropriate username/password combination can start the tunnel. This can be a convenient additional layer of security for laptops or other road-warrior machines.
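The following is an added example, not taken from the original text, of a script the server could call through auth-user-pass-verify with the via-file method. The script path, the sample user store and the choice of PBKDF2 for password hashing are assumptions made for illustration.

```python
#!/usr/bin/env python3
# Server side (assumed path): auth-user-pass-verify /etc/openvpn/verify.py via-file
# plus script-security 2 so OpenVPN may run it; clients set auth-user-pass.
import hashlib
import hmac
import sys

ITERATIONS = 200_000

def hash_password(password, salt):
    """PBKDF2-HMAC-SHA256, so the store never holds plaintext passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

# Constructed sample store: username -> (salt, password hash).
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
USERS = {"alice": (SALT, hash_password("correct horse", SALT))}
_DUMMY = (SALT, hash_password("", SALT))  # hashed for unknown users too

def parse_credentials(text):
    """via-file puts the username on line 1 and the password on line 2."""
    lines = text.splitlines()
    if len(lines) < 2 or not lines[0] or not lines[1]:
        return None
    return lines[0], lines[1]

def verify(username, password, users=USERS):
    """Same work for known and unknown names; constant-time comparison."""
    salt, expected = users.get(username, _DUMMY)
    matches = hmac.compare_digest(hash_password(password, salt), expected)
    return matches and username in users

def main(argv):
    """Exit status 0 lets the tunnel start; anything else rejects the client."""
    if len(argv) != 2:
        return 1
    try:
        with open(argv[1], encoding="utf-8") as fh:
            creds = parse_credentials(fh.read())
    except (OSError, UnicodeDecodeError):
        return 1
    return 0 if creds and verify(*creds) else 1

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The script fails closed: a missing argument, an unreadable file, an empty field or an unknown username all produce a non-zero exit status.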
While certificates in this context tend to protect and authenticate machines rather than users, username/password combinations are useful for VPNs that are started by a human. The Windows GUI will pop up a small authentication window where the user must enter a username and password. The VPN client takes these values and sends them to the VPN server, which starts the...