OPNsense
Author Topic: [SOLVED] VPN with SSL and LDAP Authentication  (Read 6238 times)

marc.laederach

[SOLVED] VPN with SSL and LDAP Authentication
« on: December 02, 2016, 12:17:31 pm »
Good day

I used the following road warrior manual to set up VPN with SSL:
https://docs.opnsense.org/manual/how-tos/sslvpn_client.html

But whereas this manual uses single user authentication, I would like to use LDAP authentication, which works fine without SSL. But as soon as I switch the authentication mode from "Remote Access (User Auth)" to "Remote Access (SSL/TLS + User Auth)", it stops working, probably as there is no user certificate available.

The log of OpenVPN GUI says the following:
Quote
Fri Dec 02 11:47:42 2016 OpenVPN 2.3.13 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Nov  3 2016
Fri Dec 02 11:47:42 2016 Windows version 6.2 (Windows 8 or greater) 64bit
Fri Dec 02 11:47:42 2016 library versions: OpenSSL 1.0.1u  22 Sep 2016, LZO 2.09
Enter Management Password:
Fri Dec 02 11:47:53 2016 Control Channel Authentication: tls-auth using INLINE static key file
Fri Dec 02 11:47:53 2016 Attempting to establish TCP connection with [AF_INET]<public-IP>:1194 [nonblock]
Fri Dec 02 11:47:54 2016 TCP connection established with [AF_INET]<public-IP>:1194
Fri Dec 02 11:47:54 2016 TCPv4_CLIENT link local (bound): [undef]
Fri Dec 02 11:47:54 2016 TCPv4_CLIENT link remote: [AF_INET]<public-IP>:1194
Fri Dec 02 11:47:54 2016 Connection reset, restarting

Fri Dec 02 11:47:54 2016 SIGUSR1[soft,connection-reset] received, process restarting

Is it even possible to have VPN with SSL and LDAP authentication? Or is there a workaround (e.g. by using RADIUS via AD like in this manual for pfsense https://doc.pfsense.org/index.php/OpenVPN_with_RADIUS_via_Active_Directory)?

Thanks in advance for any help and suggestions.


Kind Regards
Marc
« Last Edit: December 08, 2016, 08:15:47 am by franco »

marc.laederach

  • Newbie
  • *
  • Posts: 9
  • Karma: 1
    • View Profile
Re: VPN with SSL and LDAP Authentication
« Reply #1 on: December 07, 2016, 09:30:04 am »
Good morning

I figured it out.
There's no need to have user certificates, but you definitely need a client certificate, which was missing here. After I created the client certificate (the lower one in the attached screenshot), I had to export the VPN settings again, and after that it was working.


Have a great day
Marc
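
Added example (not part of the original posts and not OPNsense code): a small check of an exported OpenVPN client profile for the material each server mode in this thread expects, which would have flagged the export made before the client certificate existed. The mode labels, the hostname and both sample profiles are constructed for illustration; the PEM bodies are placeholders.

```python
import re

# Real OpenVPN client options that can supply the client certificate / key.
CERT_SOURCES = {"cert", "pkcs12", "cryptoapicert"}
KEY_SOURCES = {"key", "pkcs12", "cryptoapicert"}

def directives(ovpn_text):
    """Names of all directives, counting inline <name>...</name> blocks."""
    found, inline = set(), None
    for raw in ovpn_text.splitlines():
        line = raw.strip()
        if inline:                        # inside an inline block: skip its body
            if line == f"</{inline}>":
                inline = None
            continue
        if not line or line[0] in "#;":   # blank line or comment
            continue
        m = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if m:
            inline = m.group(1)
            found.add(inline)
        else:
            found.add(line.split()[0])
    return found

def missing_for_mode(ovpn_text, mode="ssl_tls_user_auth"):
    """Return what the profile lacks for the server mode (empty list = OK).

    Hypothetical labels: "user_auth" = Remote Access (User Auth),
    "ssl_tls_user_auth" = Remote Access (SSL/TLS + User Auth).
    """
    d = directives(ovpn_text)
    missing = [name for name in ("ca", "auth-user-pass") if name not in d]
    if mode == "ssl_tls_user_auth":
        if not d & CERT_SOURCES:
            missing.append("cert")
        if not d & KEY_SOURCES:
            missing.append("key")
    return missing

# Constructed sample: profile exported before a client certificate existed.
BEFORE = """client
dev tun
proto tcp-client
remote vpn.example.invalid 1194
auth-user-pass
<ca>
(placeholder PEM)
</ca>
<tls-auth>
(placeholder static key)
</tls-auth>
key-direction 1
"""
# Constructed sample: the re-exported profile, now carrying cert and key.
AFTER = BEFORE + "<cert>\n(placeholder)\n</cert>\n<key>\n(placeholder)\n</key>\n"
```

`missing_for_mode(BEFORE)` reports the absent `cert` and `key`, while the same profile passes for the "user_auth" mode, matching the behaviour described in the thread.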