Topics - michaelsage

#1
Hi,

This was working until recently, I thought I'd found an issue with a cert, but turns out it wasn't the issue. I am trying to authenticate against Windows AD (functional level 2016). Everything looks ok, certs and config, but when I use the tester, I get the following error:

LDAP bind error [error:0A000086:SSL routines::certificate verify failed (CA signature digest algorithm too weak); Can't contact LDAP server]

I don't really know where to look. For now I have set our VPN to use local users but I'd like to go back to AD if possible. Any ideas?

Thanks!
#2
Documentation and Translation / Mailing List
January 21, 2021, 10:38:00 PM
Hi,
With the announce mailing list being discontinued, what is the best way to find out about releases? I do use Twitter and follow you on there, but I found the emails useful to "flag" so I didn't forget to do the updates :)

Thanks for such a great product!

M
#3
Hi All,

I run a dedicated server. I have a slight issue in that my WAN gateway is not on the same subnet as my public IPs.

I used shellcmd in pfSense and understand that doesn't exist in OPNSense which is fine.

Can I simply add the following to my /etc/rc file? Is it persistent (i.e. upgrades & updates)?


route add -net GWIP -iface em0
route add default GWIP


Is there somewhere I should put it instead?

Thanks

Michael
#4
17.7 Legacy Series / OPNSense - OpenVPN, LDAP & DUO
January 29, 2018, 10:16:58 AM
Hi,

I have recently moved across to OPNSense from pfSense. It's a bit of a learning curve, but so far everything is going ok. I do, however, have a bit of an odd issue.

I am using DUO for 2FA on my OpenVPN setup; this works by proxying the LDAP connection through a DUO proxy authenticator. What is supposed to happen is the OPNSense box makes the LDAP call to the DUO box that then checks the username / password combo and then pushes authentication to the user's mobile device.

What happens at the moment is OPNSense is making the initial LDAP connection (i.e. the proxy connection), then the user is authenticated, the DUO proxy doesn't appear to get passed anything else and the user is logged in using just their username / password and certificate.

I am at a bit of a loss as to where to start, I have raised an issue on the DUO community support too.

It looks like OPNSense LDAP is making some kind of tunnel through the proxy to the LDAP server. Does this make any sense?

Any pointers?