Hi, I will suggest a security implementation. Make possible for the NRclients to add a second certificate customized by the administrator: this give the possibility to have a strongest VPN. Example: the server admin create users and passwords, give to the client in VPN the possibility to initiate connection as is possible now, after that the administrator create a second Key Certificate customized and tell to the clients how to install it, install on the server to and restart VPN with more security. For get into VPN an external need to have: a NRclient, valid and active user and password, the IP of the server and a secondary Key Certificate that only users in VPN and the administrator know. If somebody can get into the VPN administrator just change the second Key Certificate before initiate to investigate why secrets are knowed, it give him a little more time..... I hope everybody understand my so bad english and exuse me for that.
_________________ Best regards. Filippo
|