OpenVPN PAM authentication

  • I am using the OpenVPN plugin with PAM authentication enabled. By default, every user in passwd is able to authenticate using PAM authentication.
    Is it possible to limit this right to certain users only to minimise the attack surface?

    • Official Post

    You have users that are allowed to use the system but you don't want to vpn?

    omv 6.1.1-1 Shaitan | 64 bit | 5.19 proxmox kernel | plugins :: omvextrasorg 6.1.1 | kvm 6.2.6 | compose 6.4.2 | mergerfs 6.3.4 | zfs 6.0.12
    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

    • Official Post

    Yes. I want to limit my VPN access as much as possible to reduce the attack surface.

    Unfortunately, I don't use openvpn. I was just hoping to clarify what you were asking in case someone else who uses openvpn was reading. Maybe I thinking wrong on how the plugin works but if the user is required to get a cert and the admin has to add that user to allow them to download the cert, what is the risk? If someone can hack openvpn, limiting your user list won't help.

    omv 6.1.1-1 Shaitan | 64 bit | 5.19 proxmox kernel | plugins :: omvextrasorg 6.1.1 | kvm 6.2.6 | compose 6.4.2 | mergerfs 6.3.4 | zfs 6.0.12
    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!