https://wiki.ixheim.de/index.php?action=history&feed=atom&title=OPENVPN_with_ldap_User-Authentication
OPENVPN with ldap User-Authentication - Versionsgeschichte
2026-05-15T01:05:07Z
Versionsgeschichte dieser Seite in Xinux Wiki
MediaWiki 1.35.1
https://wiki.ixheim.de/index.php?title=OPENVPN_with_ldap_User-Authentication&diff=20333&oldid=prev
Niklas.guenauer: Die Seite wurde neu angelegt: „=Install= *sudo apt install openvpn openvpn-auth-ldap =Server= ==on ldap server== *samba-tool group add homeoffice *samba-tool user create openvpn W!rkl1cHs3Hr…“
2020-03-19T13:42:36Z
<p>Die Seite wurde neu angelegt: „=Install= *sudo apt install openvpn openvpn-auth-ldap =Server= ==on ldap server== *samba-tool group add homeoffice *samba-tool user create openvpn W!rkl1cHs3Hr…“</p>
<p><b>Neue Seite</b></p><div>=Install=<br />
*sudo apt install openvpn openvpn-auth-ldap<br />
=Server=<br />
==on ldap server==<br />
*samba-tool group add homeoffice<br />
*samba-tool user create openvpn W!rkl1cHs3HrG3he!m<br />
===create and add users to group===<br />
*samba-tool user create hw1 s3HrG3he!m<br />
*samba-tool group addmembers homeoffice hw1<br />
==Create DH Key==<br />
*cd /etc/openvpn<br />
*openssl dhparam -out dh2048.pem 2048<br />
Place also openvpn-ca.crt openvpn-linux.crt openvpn-linux.key in this directory<br />
==Server Config==<br />
*vi /etc/openvpn/homeoffice.conf<br />
<pre><br />
dev tun<br />
mode server<br />
tls-server<br />
port 5000<br />
topology subnet<br />
server 172.31.2.0 255.255.255.0<br />
push "route 192.168.95.0 255.255.255.0"<br />
push "dhcp-option DOMAIN vulkan.int"<br />
push "dhcp-option DNS 192.168.95.10"<br />
cipher AES-256-CBC<br />
link-mtu 1542<br />
status /tmp/cool-vpn.status<br />
keepalive 10 30<br />
client-to-client<br />
max-clients 150<br />
verb 3<br />
dh /etc/openvpn/dh2048.pem<br />
ca /etc/openvpn/openvpn-ca.crt<br />
cert /etc/openvpn/openvpn-linux.crt<br />
key /etc/openvpn/openvpn-linux.key<br />
client-cert-not-required<br />
compress<br />
persist-key<br />
persist-tun<br />
client-config-dir client<br />
username-as-common-name<br />
plugin /usr/lib/openvpn/openvpn-auth-ldap.so /etc/openvpn/auth-ldap.conf login<br />
script-security 3<br />
</pre><br />
<br />
==auth-ldap.conf==<br />
<pre><br />
<LDAP><br />
URL ldaps://mero.vulkan.int<br />
BindDN "CN=openvpn,CN=Users,DC=vulkan,DC=int"<br />
Password "W!rkl1cHs3HrG3he!m"<br />
Timeout 15<br />
TLSEnable no<br />
# Follow LDAP Referrals (anonymously)<br />
FollowReferrals no<br />
# TLS CA Certificate File<br />
TLSCACertFile /etc/openvpn/openvpn-ca.crt<br />
</LDAP><br />
<br />
<Authorization><br />
BaseDN "dc=vulkan,dc=int"<br />
SearchFilter "(&(sAMAccountName=%u)(memberOf=CN=homeoffice,CN=Users,DC=vulkan,DC=int))"<br />
RequireGroup false<br />
</Authorization><br />
</pre><br />
=Client=<br />
==Client Config==<br />
<pre><br />
port 5000<br />
dev tun0<br />
remote neo.harirbo.net<br />
tls-client<br />
cipher AES-256-CBC<br />
link-mtu 1542<br />
mssfix 1450<br />
pull<br />
compress<br />
verb 3<br />
auth-user-pass<br />
setenv CLIENT_CERT 0<br />
<ca><br />
-----BEGIN CERTIFICATE-----<br />
place your cacert here<br />
-----END CERTIFICATE-----<br />
</ca><br />
</pre></div>
Niklas.guenauer