opnSense and UCS - Radius/DHCP/VPN rights

Started by vikozo, August 30, 2020, 05:57:46 PM

Hello

I have UCS (Univention Corporate Server) running with User Management.
I also run an opnSense FW.

First,
I manage Radius and DHCP on my opnSense. Would it be wise to move this function to the UCS itself?
Is it possible to hold them in both places, like a master and backup system? If yes, how?

Then,
I also have the VPN on my opnSense. How do I manage the user rights for VPN over UCS and give the information to the opnSense, and how do I add the certificate back to the user? The goal would be to log in to the VPN and get the cert.

How did you solve this challenge?

Have a nice day
vinc
apu2c4 / wle200nx / 240 Disk --> Firewall | FW-03
---
OPNsense 22.1.6-amd64
FreeBSD 13.0-STABLE
OpenSSL 1.1.1n 15 Mar 2022

Any idea how to solve this challenge?

October 07, 2020, 03:02:17 PM #2 Last Edit: October 07, 2020, 03:05:27 PM by vikozo
Hello
OK, I think the best would be:
UCS holds the user management
opnSense keeps DHCP and Radius!

But on a Unifi AP I have to define a Radius server for WLAN access, and I am not sure what should be added there!
Basically the AP is already connected with Radius and so far this works.
This (on the picture) would be needed to check the user login too, so I am a bit confused...

The SSID is fixed to a VLAN and the VLAN is known on the opnSense. With WPA the connection works, just without user authentication.

Have a nice day
vinc

I do not have an answer for you; however, I have the same setup and am also looking for guidance on how best to have these play together.