Can I use OpenVPN with a single secret password instead of a set of keys?

I am looking to create an as-simple-as-possible OpenVPN set-up.

I would like to use a single password to secure the communication instead of a set of key files.

How can I set it up this way?


Yes, OpenVPN calls this the "static key" setup:

http://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html

Note the listed disadvantages:

  • Limited scalability -- one client, one server
  • Lack of perfect forward secrecy -- key compromise results in total disclosure of previous sessions
  • Secret key must exist in plaintext form on each VPN peer
  • Secret key must be exchanged using a pre-existing secure channel

To use password authentication from a file, you should use these directives in the server configuration file:

  • client-cert-not-required to allow authentication with user/password only
  • username-as-common-name to get the common name from the username, because it can't be taken from a certificate
  • script-security 2 to allow calling external scripts
  • auth-user-pass-verify <script> <method> to force the server to ask for user/password. <script> is the executable file used to check the user/password pair. <method> is one of "via-env" and "via-file". Read the manual's section on the auth-user-pass-verify directive for details

You should write the script yourself.
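A verifier script for the via-file method named in the answer above, added here as an example (it is not part of the original answer or of OpenVPN). With via-file, OpenVPN passes the script the path of a temporary file holding the username on line 1 and the password on line 2, and treats exit status 0 as a successful login. The users.db path, its user:salt:hash record format and the PBKDF2 parameters are assumptions.

```python
#!/usr/bin/env python3
"""Verifier for: auth-user-pass-verify /path/to/this/script via-file"""
import hashlib
import hmac
import os
import sys

USER_DB = "/etc/openvpn/users.db"  # hypothetical path; one "user:salt_hex:hash_hex" per line
ITERATIONS = 200_000               # assumed PBKDF2 work factor

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def make_record(username, password):
    """Build a users.db line, so the file never stores the plaintext password."""
    if not username or ":" in username or "\n" in username:
        raise ValueError("invalid username")
    salt = os.urandom(16)
    return f"{username}:{salt.hex()}:{hash_password(password, salt).hex()}"

def check_credentials(username, password, db_lines):
    """Return True only if the user exists and the password matches its hash."""
    if not username or not password:
        return False
    salt, expected = b"\x00" * 16, b""  # dummies: unknown users still cost one hash
    for line in db_lines:
        parts = line.strip().split(":")
        if len(parts) == 3 and parts[0] == username:
            salt, expected = bytes.fromhex(parts[1]), bytes.fromhex(parts[2])
            break
    return hmac.compare_digest(hash_password(password, salt), expected)

def read_credentials(path):
    """Parse OpenVPN's temp file: username on line 1, password on line 2."""
    with open(path, encoding="utf-8") as fh:
        lines = fh.read().split("\n")
    if len(lines) < 2:
        raise ValueError("expected a username line and a password line")
    return lines[0], lines[1]

def main(argv):
    try:
        username, password = read_credentials(argv[1])
        with open(USER_DB, encoding="utf-8") as fh:
            return 0 if check_credentials(username, password, fh) else 1
    except (OSError, ValueError, IndexError):
        return 1  # fail closed: any error rejects the login

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The script must be executable by the user the OpenVPN server runs as, and users.db should be readable only by that user.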