VPN with LDAP Sync and Client export

Started by tyrell, August 20, 2024, 10:37:11 AM

August 20, 2024, 10:37:11 AM Last Edit: August 20, 2024, 10:41:04 AM by tyrell
Hey everyone,

Trying to understand the whole OpenVPN with LDAP configuration.
My LDAP is configured and tested via the tester and is working.
I configured my OpenVPN server to use authentication via my LDAP.
From the docs it's unclear to me whether I need to import users now if I only want them for VPN use
or not, and how to sync so that when a new user is created in LDAP it is automatically created on the OPNsense too.
AFAIK import is only needed for GUI access, which I do not want.

Also, how do I get the client certs created, and how do I import them if I don't have to import the users?

Authentication happens "live" when the tunnel is initiated. You do not need to import the users. I use an LDAP filter to restrict access to a particular group:

Authentication Containers:
OU=Mitarbeiter,DC=intern,DC=punkt,DC=de

Extended Query:
memberOf=CN=VPN-Users,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de

The certificates I generated on OPNsense with a CA on OPNsense. We are using the same server and client certificate pair for all employees.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
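To make the interaction between the two settings in the reply concrete, here is an added example (not OPNsense code and not the poster's own) that models the lookup stage of the LDAP check offline against a constructed directory snapshot. The Authentication Container acts as the search base and the Extended Query as an additional filter, so an account has to satisfy both before a bind is even attempted. Assumptions made here: subtree scope under the container, `sAMAccountName` as the login attribute, a simple `attr=value` extended query, and the three sample users, which are constructed.

```python
"""Offline model of the OpenVPN/LDAP access check from the reply above.

Added example, not OPNsense code. It replays the two settings
(Authentication Containers = search base, Extended Query = extra filter)
against a constructed in-memory directory so their interaction is visible
without a live LDAP server.
"""

# Constructed sample directory in minimal LDIF form (not real data).
SAMPLE_LDIF = """\
dn: CN=Alice,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de
sAMAccountName: alice
memberOf: CN=VPN-Users,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de
memberOf: CN=Staff,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de

dn: CN=Bob,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de
sAMAccountName: bob
memberOf: CN=Staff,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de

dn: CN=Carol,OU=Extern,DC=intern,DC=punkt,DC=de
sAMAccountName: carol
memberOf: CN=VPN-Users,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de
"""

# The two values from the reply, verbatim.
CONTAINER = "OU=Mitarbeiter,DC=intern,DC=punkt,DC=de"
EXTENDED_QUERY = "memberOf=CN=VPN-Users,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de"
LOGIN_ATTRIBUTE = "sAMAccountName"  # assumption: AD-style naming attribute


def parse_ldif(text):
    """Parse a minimal LDIF dump into a list of {attr: [values]} dicts.

    Attribute names are lowercased because LDAP attribute names are
    case-insensitive; values are kept as written.
    """
    entries, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        attr, _, value = line.partition(": ")
        current.setdefault(attr.lower(), []).append(value)
    if current:
        entries.append(current)
    return entries


def in_container(entry, container):
    """Subtree scope (assumption): the entry DN must sit below the container."""
    dn = entry["dn"][0]
    return dn.lower().endswith("," + container.lower())


def matches_extended_query(entry, query):
    """Evaluate the plain 'attr=value' equality form used in the reply."""
    attr, _, value = query.partition("=")
    return value.lower() in (v.lower() for v in entry.get(attr.lower(), []))


def vpn_login_allowed(username, ldif=SAMPLE_LDIF,
                      container=CONTAINER, query=EXTENDED_QUERY):
    """Return True if the user would pass the search stage of LDAP auth.

    The password bind happens after this lookup; this only models which
    accounts are candidates at all, which is what the container and the
    extended query control. An unknown user yields no entry and no bind.
    """
    wanted = username.lower()
    for entry in parse_ldif(ldif):
        names = (v.lower() for v in entry.get(LOGIN_ATTRIBUTE.lower(), []))
        if wanted not in names:
            continue
        return in_container(entry, container) and matches_extended_query(entry, query)
    return False


if __name__ == "__main__":
    for user in ("alice", "bob", "carol", "mallory"):
        print(f"{user:8s} -> {'allowed' if vpn_login_allowed(user) else 'denied'}")
```

Running it shows why the reply needs both settings: `bob` is in the container but not in `VPN-Users`, and `carol` is in `VPN-Users` but outside the container, so only `alice` gets through to the bind. Because the reply's setup authenticates live on each tunnel initiation, removing an account from `CN=VPN-Users` (or disabling it) is enough to deny the next connection attempt without touching the firewall.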