Hey everyone,
Trying to understand the whole OpenVPN with LDAP configuration.
My LDAP is configured and tested via the tester and working.
I configured my OpenVPN server to use authentication via my LDAP.
From the docs it's unclear to me if I need to import users now if I only want them for VPN use
or not, and how to sync so that when a new user is created in LDAP it is automatically created on the OPNsense too.
AFAIK import is only needed for GUI access, which I do not want.
Also, how do I get the client certs created, and how do I import them if I don't have to import the users?
Authentication happens "live" when the tunnel is initiated. You do not need to import the users. I use an LDAP filter to restrict access to a particular group:
Authentication Containers:
OU=Mitarbeiter,DC=intern,DC=punkt,DC=de
Extended Query:
memberOf=CN=VPN-Users,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de
The certificates I generated on OPNsense with a CA on OPNsense. We are using the same server and client certificate pair for all employees.
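To check that a container and extended query like the ones above gate access the way you expect, here is a small added example (mine, not code from the thread or from OPNsense). It assumes the firewall ANDs the extended query with the user lookup, assumes sAMAccountName as the login attribute, and runs against constructed sample entries rather than a live directory.

```python
import re

# Values from the thread: the search base and the group the Extended Query requires.
CONTAINER = "OU=Mitarbeiter,DC=intern,DC=punkt,DC=de"
GROUP_DN = "CN=VPN-Users,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de"
EXTENDED_QUERY = "memberOf=" + GROUP_DN

# Constructed sample directory (not real accounts).
DIRECTORY = {
    "CN=Alice Example,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de":
        {"sAMAccountName": "alice", "memberOf": [GROUP_DN]},
    "CN=Bob Example,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de":
        {"sAMAccountName": "bob", "memberOf": []},            # staff, not in VPN group
    "CN=Carol Example,OU=Extern,DC=intern,DC=punkt,DC=de":
        {"sAMAccountName": "carol", "memberOf": [GROUP_DN]},  # in group, outside container
}

def ldap_escape(value):
    """RFC 4515 escaping: a login name such as '*' or ')(' must not widen the filter."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def build_filter(username, extended_query=EXTENDED_QUERY, user_attr="sAMAccountName"):
    """Filter string you can paste into ldapsearch to verify the query
    (assumed composition: user lookup ANDed with the extended query)."""
    user_part = "(%s=%s)" % (user_attr, ldap_escape(username))
    return "(&%s(%s))" % (user_part, extended_query) if extended_query else user_part

def norm_dn(dn):
    """memberOf holds DNs; compare them case- and whitespace-insensitively."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def vpn_authorized(username, directory=DIRECTORY, container=CONTAINER, group_dn=GROUP_DN):
    """True only if exactly one account with that name lives under the container
    and carries the VPN group in memberOf; the password bind would follow this step."""
    hits = [
        entry for dn, entry in directory.items()
        if norm_dn(dn).endswith("," + norm_dn(container))
        and entry["sAMAccountName"].lower() == username.lower()
        and any(norm_dn(g) == norm_dn(group_dn) for g in entry.get("memberOf", []))
    ]
    return len(hits) == 1

if __name__ == "__main__":
    for name in ("alice", "bob", "carol", "mallory"):
        print(name, vpn_authorized(name), build_filter(name))
```

Only alice passes: bob is under the container but not in the group, and carol is in the group but outside the container, which is exactly the split the two settings enforce.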
Awesome! Worked like a charm.
Thank you!