VPN: Client Access from Defined Systems
An option to ensure that only defined systems can use the VPN client and the conf-files to connect.
It is more than easy to copy the conf-files from an XP system to a Linux system and use OpenVPN in a shell.
On our Aventail SSL-VPN appliance you can say that it should work only if a special file exists, or an actual virus scanner is available, or if a computer is a member of a given Active Directory...
I've no idea, but it's a problem that should be solved.
Moving the conf-files from XP to Linux works too.
Perhaps an encrypted binary with a unique key depending on the allowed system?
Which criteria should be applied to identify systems? Registry keys? System names? Or how do you mean "defined" systems?
It's also very easy to copy from an XP to another XP system, even if the SSL VPN client would use any information stored in the registry.
The key is to harden your local XP systems (device lockdown, matching access rights to your configuration files and keys, let OpenVPN run as a system service, hard disk encryption).
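As an added example (not part of the original thread and not code from any poster or vendor), the "matching access rights" step from the reply above can be audited with a PowerShell script that lists every account other than the service identity and administrators that is allowed to read the OpenVPN configuration and key files. The directory path, the file patterns and the allowed-identity list are assumptions to adjust for the local installation.

```powershell
# Added example: audit who can read OpenVPN client configs and key material.
# $ConfigDir and $Allowed are assumptions. Built-in group names are localized
# on non-English Windows, so adjust $Allowed to match the local names.
param(
    [string]$ConfigDir = 'C:\Program Files\OpenVPN\config',
    [string[]]$Allowed = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')
)

# File types assumed to hold connection settings or secrets.
$patterns = '*.ovpn', '*.conf', '*.key', '*.crt', '*.pem', '*.p12'

# ReadData is the right that lets an account read (and therefore copy) a file.
$readMask = [int][System.Security.AccessControl.FileSystemRights]::ReadData

function Get-ExcessReadAccess {
    param([string]$Path, [string[]]$AllowedIdentities)
    $acl = Get-Acl -Path $Path
    foreach ($rule in $acl.Access) {
        $isAllow = $rule.AccessControlType -eq 'Allow'
        $canRead = (([int]$rule.FileSystemRights) -band $readMask) -ne 0
        $id      = $rule.IdentityReference.Value
        # Report allow-rules that grant read access to anyone not on the list.
        if ($isAllow -and $canRead -and ($AllowedIdentities -notcontains $id)) {
            New-Object PSObject -Property @{
                File      = $Path
                Identity  = $id
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

$findings = Get-ChildItem -Path $ConfigDir -Recurse -Include $patterns |
    Where-Object { -not $_.PSIsContainer } |
    ForEach-Object { Get-ExcessReadAccess -Path $_.FullName -AllowedIdentities $Allowed }

if ($findings) {
    # Inherited = True means the fix belongs on the parent folder's ACL.
    $findings | Format-Table File, Identity, Rights, Inherited -AutoSize
    exit 1
}
Write-Output "Only $($Allowed -join ', ') can read files under $ConfigDir"
```

A clean result only covers access through the running operating system; an administrator or anyone reading the disk offline can still copy the files, which is why the reply also lists device lockdown and hard disk encryption.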