OPNsense OpenVPN: Difference between revisions
Revision as of 22 August 2025, 14:55
Preliminaries
- We should only ever use SSL/TLS
- For that we must be able to resolve the DC by name.
- And we need its root certificate
The users come from the ADS
- Users have either the attribute
  - SamAccountName
  or
  - uid
- A bind user and a group must exist in the domain
  - Group: vpnuser
  - Bind user: ldapuser
Create the server
- System
  - Access
    - Servers
| Field | Value |
|---|---|
| Descriptive name | openvpn-user-usc |
| Type | LDAP |
| Hostname or IP address | dc.xinux.org |
| Port value | 636 |
| Transport | SSL - Encrypted |
| Protocol version | 3 |
| Bind credentials | uid=opnsense-service,cn=users,dc=xinux,dc=org |
| Password | ******** |
| Search scope | Entire Subtree |
| Base DN | dc=xinux,dc=org |
| Authentication containers | cn=users,dc=xinux,dc=org |
| Extended Query | memberOf=cn=vpn-users,cn=groups,dc=xinux,dc=org |
| User naming attribute | uid |
| Read properties | ☑ |
| Synchronize groups | ☑ |
| Constraint groups | ☐ |
| Limit groups | Nothing selected |
| Automatic user creation | ☐ |
| Match case insensitive | ☐ |
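The table above defines how OPNsense looks a user up: the "User naming attribute" and the "Extended Query" are combined into one LDAP search filter that is run below the authentication container over LDAPS. The following script is an added example (not part of this wiki page and not OPNsense code) that rebuilds that filter from the table's values, shows why the login name has to be escaped before it goes into the filter, evaluates the filter against a small constructed directory, and prints the ldapsearch command an admin can run to test the bind credentials and the group filter against dc.xinux.org before any VPN user depends on them. The user names alice, bob and carol, the constructed directory entries and the root-CA path are assumptions; the server values are taken from the table.

```python
#!/usr/bin/env python3
"""Rebuild and check the LDAP lookup behind the OPNsense server definition.

Added example; not from the wiki page or from OPNsense.
Server values come from the table, everything else is constructed.
"""
import shlex

# Server definition from the table (field -> value)
LDAP_SERVER = {
    "host": "dc.xinux.org",
    "port": 636,                                   # Transport: SSL - Encrypted
    "bind_dn": "uid=opnsense-service,cn=users,dc=xinux,dc=org",
    "base_dn": "dc=xinux,dc=org",
    "auth_container": "cn=users,dc=xinux,dc=org",  # Authentication containers
    "extended_query": "memberOf=cn=vpn-users,cn=groups,dc=xinux,dc=org",
    "naming_attr": "uid",                          # User naming attribute
}

# RFC 4515 section 3: these characters must be escaped inside a filter value.
# Without this, a login name such as  alice)(uid=*  would rewrite the filter
# and the group restriction from the Extended Query would no longer apply.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied value for use inside an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(cfg: dict, username: str) -> str:
    """Filter for one login: (&(<naming attr>=<user>)(<extended query>))."""
    user_assertion = f"({cfg['naming_attr']}={escape_filter_value(username)})"
    return f"(&{user_assertion}({cfg['extended_query']}))"


def _split_assertions(ldap_filter: str) -> list:
    """Return the 'attr=value' parts of a filter of the shape (&(a=v)(b=w))."""
    assert ldap_filter.startswith("(&") and ldap_filter.endswith(")")
    body, parts, depth, start = ldap_filter[2:-1], [], 0, 0
    for i, ch in enumerate(body):
        if ch == "(":
            if depth == 0:
                start = i
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                parts.append(body[start + 1:i])
    return parts


def entry_matches(entry: dict, ldap_filter: str) -> bool:
    """Evaluate an equality-AND filter against one directory entry.

    Attribute names are compared case-insensitively; values are compared
    in their escaped form so that escaped and literal characters never mix.
    """
    for assertion in _split_assertions(ldap_filter):
        attr, wanted = assertion.split("=", 1)
        values = next((v for k, v in entry.items() if k.lower() == attr.lower()), [])
        if isinstance(values, str):
            values = [values]
        if not any(escape_filter_value(v) == wanted for v in values):
            return False
    return True


def authorised_users(cfg: dict, directory: dict, username: str) -> list:
    """DNs in the authentication container (search scope: entire subtree)
    that satisfy the user + group filter, i.e. who may log in to the VPN."""
    ldap_filter = build_user_filter(cfg, username)
    return [dn for dn, attrs in directory.items()
            if dn.lower().endswith(cfg["auth_container"].lower())
            and entry_matches(attrs, ldap_filter)]


def ldapsearch_shell(cfg: dict, username: str,
                     cacert: str = "/usr/local/etc/ssl/dc-root-ca.pem") -> str:
    """Shell command (OpenLDAP client tools) reproducing the lookup over LDAPS.

    The CA path is an assumed placeholder; it must point at the DC's root
    certificate mentioned in the preliminaries. -W prompts for the password.
    """
    argv = ["ldapsearch", "-LLL", "-H", f"ldaps://{cfg['host']}:{cfg['port']}",
            "-D", cfg["bind_dn"], "-W", "-b", cfg["auth_container"], "-s", "sub",
            build_user_filter(cfg, username), "dn", cfg["naming_attr"], "memberOf"]
    return f"LDAPTLS_CACERT={shlex.quote(cacert)} " + shlex.join(argv)


# Constructed directory: alice is in vpn-users, bob is not, carol is in the
# group but outside the authentication container (a computer account).
GROUP = "cn=vpn-users,cn=groups,dc=xinux,dc=org"
DIRECTORY = {
    "uid=alice,cn=users,dc=xinux,dc=org": {"uid": "alice", "memberOf": [GROUP]},
    "uid=bob,cn=users,dc=xinux,dc=org": {"uid": "bob", "memberOf": ["cn=staff,cn=groups,dc=xinux,dc=org"]},
    "uid=opnsense-service,cn=users,dc=xinux,dc=org": {"uid": "opnsense-service", "memberOf": []},
    "uid=carol,cn=computers,dc=xinux,dc=org": {"uid": "carol", "memberOf": [GROUP]},
}

if __name__ == "__main__":
    for name in ("alice", "bob", "carol", "alice)(uid=*"):
        print(f"{name!r:20} -> {build_user_filter(LDAP_SERVER, name)}")
        print(f"{'':20}    allowed: {authorised_users(LDAP_SERVER, DIRECTORY, name)}")
    print(ldapsearch_shell(LDAP_SERVER, "alice"))
```

Run it without arguments to see the four filters and the resulting decisions; the last line printed is the ldapsearch command to paste into a shell on a host that trusts the DC's root certificate. If that command returns no entry for a user who is in vpn-users, the Extended Query or the container is wrong, and OPNsense will reject the login for the same reason.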
Create the CA
- System
  - Trust
    - Authorities
      - +
Create a certificate for the OpenVPN server
- System
  - Trust
    - Certificates
      - +
Configuration
- Generate a static key
  - VPN
    - OpenVPN
      - Instances
        - Static Keys
          - +
We select Auth as the key mode (the choice is Auth or Crypt)
- Click the gear icon
- Configure the server
  - VPN
    - OpenVPN
      - Instances
        - Instances
          - +
Firewall rules
- WAN
  - Firewall
    - Rules
      - WAN
        - +
- OpenVPN
  - Firewall
    - Rules
      - OpenVPN
        - +
Export the client configuration
- VPN
  - OpenVPN
    - Client Export