I wonder if there is any method to let a user start an OpenVPN connection only on my company laptops? Like authorizing the remote connection only if it is started from a specific MAC address of the company laptop.
Reason: I don’t want the employees to copy the config folder that contains the certificates and .ovpn file, install the OpenVPN application themselves on a personal computer, and run the risk of a virus infection or something like this.
A device’s MAC address is used only in local subnets; you won’t ever see it on the server, so this option is out.
Perhaps you could do something with permissions on company laptops. The user account would have to be without admin rights. And then if the OpenVPN client runs as a service under a different account, certificate files (stored alone, not pasted in the .ovpn) could be made unreadable for the user account. I didn’t actually try it, but I think there’s some chance. Although with physical access to the device, it’s always problematic. But it could work for not very skilled or determined users.
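One way to apply the permissions idea from the reply above, as an added example that is not part of the original posts: it restricts the folder holding the separately stored certificate and key files to SYSTEM and Administrators, then audits every file for leftover entries. It assumes Windows, an elevated prompt, and a client service running as LocalSystem; the folder path is a hypothetical placeholder.

```powershell
# Added example. Assumptions: Windows, elevated prompt, VPN service runs as LocalSystem.
param([string]$KeyDir = 'C:\ProgramData\ExampleVPN\keys')   # hypothetical path
$ErrorActionPreference = 'Stop'

# Well-known SIDs: NT AUTHORITY\SYSTEM and BUILTIN\Administrators.
$allowedSids = 'S-1-5-18', 'S-1-5-32-544'

# Protected DACL (P = ignore entries inherited from the parent folder) that
# grants full control only to SYSTEM (SY) and Administrators (BA), and is
# inherited by files (OI) and subfolders (CI).
$acl = Get-Acl -LiteralPath $KeyDir
$acl.SetSecurityDescriptorSddlForm('D:P(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)', 'Access')
Set-Acl -LiteralPath $KeyDir -AclObject $acl

# Files that carry their own explicit entries keep them after the change,
# so check the folder and everything below it.
$items = @(Get-Item -LiteralPath $KeyDir) +
         @(Get-ChildItem -LiteralPath $KeyDir -Recurse -Force)

$leaks = foreach ($item in $items) {
    $rules = (Get-Acl -LiteralPath $item.FullName).GetAccessRules(
        $true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -eq 'Allow' -and $sid -notin $allowedSids) {
            [pscustomobject]@{
                Path   = $item.FullName
                Sid    = $sid
                Rights = $rule.FileSystemRights
            }
        }
    }
}

if ($leaks) {
    # Any row here is an account other than SYSTEM/Administrators with access.
    $leaks | Format-Table -AutoSize
    exit 1
}
Write-Output "Only SYSTEM and Administrators can access $KeyDir"
```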