Clients and Users

[nikich700]

I apologize in advance as this is not a bug report but rather a question.

I have installed this software successfully and ran it on my laptop and phone. But do I need to generate a new set of certificates for every new device I connect to the VPN?

Is it better to have separate user profiles for different people or they all can be using default vpnuser?
How are users in chap-secrets and profiles in ikev2.sh --listclients are connected?

I am pretty sure I have read all the documentation, but I still don't get what terms users and clients have to do with each other. I suppose users should be different people and clients should be different devices these people use, but I don't see how each client is connected to each user.

Sorry, I am fairly new to all of this networking stuff.

[hwdsl2]

@nikich700 Hello! To answer your questions:

1. Users in /etc/ppp/chap-secrets are for IPsec/L2TP mode, while ikev2.sh is used to manage client certificates for IKEv2 mode. Those are different modes that you can use to connect to the VPN. There's also the IPsec/XAuth ("Cisco IPsec") mode.
2. For IPsec/L2TP and IPsec/XAuth modes, the same default user ("vpnuser") is created when setting up the VPN. If you use the helper scripts in this project to manage users (see project documentation), they will typically create or delete users for both of these modes.
3. For IKEv2 mode, authentication is done using certificates only, and the set of users/clients is completely separate from the other two modes in (2). You can run sudo ikev2.sh to manage client certificates for IKEv2 mode only.
4. The terms "users" and "clients" are in many cases interchangeable in this project. It is recommended to generate a new certificate (or create a new user) for every device you use to connect to the VPN.