Diffstat (limited to 'docs/configexamples/openvpn-ldap.rst')
-rw-r--r-- | docs/configexamples/openvpn-ldap.rst | 94 |
1 files changed, 0 insertions, 94 deletions
diff --git a/docs/configexamples/openvpn-ldap.rst b/docs/configexamples/openvpn-ldap.rst deleted file mode 100644 index 402ab7f1..00000000 --- a/docs/configexamples/openvpn-ldap.rst +++ /dev/null 
@@ -1,94 +0,0 @@ -:lastproofread: 2023-01-29 - -.. _examples-openvvpn-ldap: - -######################### -OpenVPN with LDAP example -######################### - -Configuration AD and a windows server -===================================== - -We aim to configure LDAP authentication between the VYOS router and Windows Server 2019 (role: Active Directory) when our customers connect to our privet network using the OpenVPN client. -Using the general schema for example: - -.. image:: /_static/images/mainschema.png - :width: 80% - :align: center - :alt: Network Topology Diagram - -.. code-block:: none - - VyOS - the main OpenVPN server - Winserver - windows server with role Active Directory - Win10-PC - OpenVPN customer with LDAP authentication - -First, we need to configure the AD service and create two accounts. One account for the LDAP adapter built into the VYOS router and a second even account for our test client. - -.. image:: /_static/images/ldapone.png - :width: 80% - :align: center - :alt: Network Topology Diagram - -Picture 1 - Adding the AD role - -.. image:: /_static/images/ldaptwo.png - :width: 80% - :align: center - :alt: Network Topology Diagram - -Picture 2 - Adding the AD role - -Configuration VyOS router -========================= - -Make the configuration file for the LDAP plugin. - -.. 
code-block:: none - - vyos@vyos:~$ sudo cat /config/auth/ldap-auth.config - <LDAP> - URL ldap://10.217.80.58 - BindDN userldap@corp.vyos.com - Password YourPass - Timeout 15 - TLSEnable no - FollowReferrals no - </LDAP> - <Authorization> - BaseDN "DC=corp,DC=vyos,DC=com" - SearchFilter "sAMAccountName=%u" - RequireGroup false - </Authorization> - - -**This specific example is for a windows server 2019**: - -* URL ldap://10.217.80.58 - The URL of your LDAP server -* BindDN userldap@corp.vyos.com - The BindDN of the users' directory -* BaseDN "DC=corp,DC=vyos,DC=com" - In the block <Authorization> notice your domain - -Make the main config for VyOS like VPN and Authorization server: - -.. code-block:: none - - set interfaces ethernet eth0 address 'dhcp' - set interfaces openvpn vtun10 local-port '1194' - set interfaces openvpn vtun10 mode 'server' - set interfaces openvpn vtun10 openvpn-option '--plugin /usr/lib/openvpn/openvpn-auth-ldap.so /config/auth/ldap-auth.config' - set interfaces openvpn vtun10 persistent-tunnel - set interfaces openvpn vtun10 protocol 'udp' - set interfaces openvpn vtun10 server push-route 192.168.0.0/16 - set interfaces openvpn vtun10 server subnet '10.23.1.0/24' - set interfaces openvpn vtun10 tls ca-cert-file '/config/auth/openvpn/ca.crt' - set interfaces openvpn vtun10 tls cert-file '/config/auth/openvpn/central.crt' - set interfaces openvpn vtun10 tls crl-file '/config/auth/openvpn/crl.pem' - set interfaces openvpn vtun10 tls dh-file '/config/auth/openvpn/dh.pem' - set interfaces openvpn vtun10 tls key-file '/config/auth/openvpn/central.key' - set protocols static interface-route 10.23.0.0/20 next-hop-interface vtun10 - set service ssh port '22' - -Next, you need to install and configure the configuration file for the windows/Linux OpenVPN client. After connecting to the VPN servers, you will be prompted to go through LDAP authorization. 
- -**To automatically generate the openVPN configuration file for windows clients, you can use this link:** -https://ovpnconfig.com.br/
\ No newline at end of file |
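Review bot: This hunk removes the whole `docs/configexamples/openvpn-ldap.rst` page but shows no matching change to the toctree or index page that lists it, so the build is likely to warn about a document that is still referenced; please confirm the page is dropped from wherever it is included and that nothing still points at the `examples-openvvpn-ldap` label (note the existing typo `openvvpn` in that label, which any `:ref:` would have to match). The deleted text is also the only visible user of `/_static/images/mainschema.png`, `/_static/images/ldapone.png` and `/_static/images/ldaptwo.png`; either remove those images in the same change or state that another page still uses them. A short rationale in the commit message would help too: the removed example embedded a plaintext LDAP bind `Password` in `/config/auth/ldap-auth.config` with `TLSEnable no` and pointed readers to a third-party config generator, so if the page was pulled for those reasons, say so, and if a replacement example is planned, link it.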