summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
Diffstat (limited to 'docs')
-rw-r--r--docs/configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.log293
-rw-r--r--docs/configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst265
-rw-r--r--docs/configexamples/autotest/OpenVPN_with_LDAP/_include/client.conf10
-rw-r--r--docs/configexamples/autotest/OpenVPN_with_LDAP/_include/ldap-auth.config13
-rw-r--r--docs/configexamples/autotest/OpenVPN_with_LDAP/_include/ovpn-server.conf15
-rw-r--r--docs/configexamples/autotest/OpenVPN_with_LDAP/_include/topology.pngbin0 -> 40891 bytes
-rw-r--r--docs/configexamples/index.rst2
-rw-r--r--docs/configexamples/openvpn-ldap.rst94
8 files changed, 597 insertions, 95 deletions
diff --git a/docs/configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.log b/docs/configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.log
new file mode 100644
index 00000000..b4eb556b
--- /dev/null
+++ b/docs/configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.log
@@ -0,0 +1,293 @@
+2023-05-10 15:49:03,125 p=46395 u=rob n=ansible | PLAY [Automatic VyOS Lab test] ****************************************************************************************************************************************************************************************************
+2023-05-10 15:49:03,156 p=46395 u=rob n=ansible | TASK [eve-ng-lab-test : Get env file content] *************************************************************************************************************************************************************************************
+2023-05-10 15:49:03,473 p=46395 u=rob n=ansible | ok: [eveng -> localhost]
+2023-05-10 15:49:03,473 p=46395 u=rob n=ansible | ok: [ldap-server -> localhost]
+2023-05-10 15:49:03,473 p=46395 u=rob n=ansible | ok: [ovpn-server -> localhost]
+2023-05-10 15:49:03,474 p=46395 u=rob n=ansible | ok: [vyos-oobm -> localhost]
+2023-05-10 15:49:03,474 p=46395 u=rob n=ansible | ok: [client -> localhost]
+2023-05-10 15:49:03,477 p=46395 u=rob n=ansible | TASK [eve-ng-lab-test : OpenVPN_with_LDAP: Load facts] ****************************************************************************************************************************************************************************
+2023-05-10 15:49:03,501 p=46395 u=rob n=ansible | ok: [eveng]
+2023-05-10 15:49:03,516 p=46395 u=rob n=ansible | ok: [ldap-server]
+2023-05-10 15:49:04,604 p=46395 u=rob n=ansible | network_os is set to vyos
+2023-05-10 15:49:04,606 p=46395 u=rob n=ansible | network_os is set to vyos
+2023-05-10 15:49:04,607 p=46395 u=rob n=ansible | network_os is set to vyos
+2023-05-10 15:49:04,607 p=46395 u=rob n=ansible | [WARNING]: ansible-pylibssh not installed, falling back to paramiko
+
+2023-05-10 15:49:04,608 p=46395 u=rob n=ansible | [WARNING]: ansible-pylibssh not installed, falling back to paramiko
+
+2023-05-10 15:49:04,608 p=46395 u=rob n=ansible | [WARNING]: ansible-pylibssh not installed, falling back to paramiko
+
+2023-05-10 15:49:04,616 p=46395 u=rob n=ansible | ok: [client]
+2023-05-10 15:49:04,617 p=46395 u=rob n=ansible | ok: [ovpn-server]
+2023-05-10 15:49:04,617 p=46395 u=rob n=ansible | ok: [vyos-oobm]
+2023-05-10 15:49:04,622 p=46395 u=rob n=ansible | TASK [eve-ng-lab-test : OpenVPN_with_LDAP: fail if node_template_version is empty] ************************************************************************************************************************************************
+2023-05-10 15:49:04,646 p=46395 u=rob n=ansible | skipping: [eveng]
+2023-05-10 15:49:04,655 p=46395 u=rob n=ansible | skipping: [vyos-oobm]
+2023-05-10 15:49:04,662 p=46395 u=rob n=ansible | skipping: [ovpn-server]
+2023-05-10 15:49:04,665 p=46395 u=rob n=ansible | skipping: [client]
+2023-05-10 15:49:04,669 p=46395 u=rob n=ansible | skipping: [ldap-server]
+2023-05-10 15:49:04,672 p=46395 u=rob n=ansible | TASK [eve-ng-lab-test : generate openv-server CA] *********************************************************************************************************************************************************************************
+2023-05-10 15:49:04,687 p=46395 u=rob n=ansible | skipping: [eveng]
+2023-05-10 15:49:04,694 p=46395 u=rob n=ansible | skipping: [vyos-oobm]
+2023-05-10 15:49:04,703 p=46395 u=rob n=ansible | skipping: [client]
+2023-05-10 15:49:04,707 p=46395 u=rob n=ansible | skipping: [ldap-server]
+2023-05-10 15:49:05,742 p=46508 u=rob n=ansible | [DEPRECATION WARNING]: PlayContext.verbosity is deprecated, use
+ansible.utils.display.Display.verbosity instead. This feature will be removed
+in version 2.18. Deprecation warnings can be disabled by setting
+deprecation_warnings=False in ansible.cfg.
+2023-05-10 15:49:06,402 p=46508 u=rob n=p=46508 u=rob | paramiko [ovpn-server] | Connected (version 2.0, client OpenSSH_9.2p1)
+2023-05-10 15:49:06,706 p=46508 u=rob n=p=46508 u=rob | paramiko [ovpn-server] | Authentication (publickey) successful!
+2023-05-10 15:49:10,581 p=46395 u=rob n=ansible | ok: [ovpn-server]
+2023-05-10 15:49:10,588 p=46395 u=rob n=ansible | TASK [eve-ng-lab-test : install openv-server CA] **********************************************************************************************************************************************************************************
+2023-05-10 15:49:10,607 p=46395 u=rob n=ansible | skipping: [eveng]
+2023-05-10 15:49:10,616 p=46395 u=rob n=ansible | skipping: [vyos-oobm]
+2023-05-10 15:49:10,626 p=46395 u=rob n=ansible | skipping: [client]
+2023-05-10 15:49:10,631 p=46395 u=rob n=ansible | skipping: [ldap-server]
+2023-05-10 15:49:16,168 p=46395 u=rob n=ansible | [WARNING]: To ensure idempotency and correct diff the input configuration lines should be similar to how they appear if present in the running configuration on device
+
+2023-05-10 15:49:16,169 p=46395 u=rob n=ansible | changed: [ovpn-server]
+2023-05-10 15:49:16,176 p=46395 u=rob n=ansible | TASK [eve-ng-lab-test : generate openv-server SRV] ********************************************************************************************************************************************************************************
+2023-05-10 15:49:16,200 p=46395 u=rob n=ansible | skipping: [eveng]
+2023-05-10 15:49:16,208 p=46395 u=rob n=ansible | skipping: [vyos-oobm]
+2023-05-10 15:49:16,217 p=46395 u=rob n=ansible | skipping: [client]
+2023-05-10 15:49:16,222 p=46395 u=rob n=ansible | skipping: [ldap-server]
+2023-05-10 15:49:20,306 p=46395 u=rob n=ansible | ok: [ovpn-server]
+2023-05-10 15:49:20,313 p=46395 u=rob n=ansible | TASK [eve-ng-lab-test : install openv-server SRV] *********************************************************************************************************************************************************************************
+2023-05-10 15:49:20,333 p=46395 u=rob n=ansible | skipping: [eveng]
+2023-05-10 15:49:20,341 p=46395 u=rob n=ansible | skipping: [vyos-oobm]
+2023-05-10 15:49:20,351 p=46395 u=rob n=ansible | skipping: [client]
+2023-05-10 15:49:20,355 p=46395 u=rob n=ansible | skipping: [ldap-server]
+2023-05-10 15:49:26,238 p=46395 u=rob n=ansible | changed: [ovpn-server]
+2023-05-10 15:49:26,245 p=46395 u=rob n=ansible | TASK [eve-ng-lab-test : generate openv-server Client Cert] ************************************************************************************************************************************************************************
+2023-05-10 15:49:26,272 p=46395 u=rob n=ansible | skipping: [eveng]
+2023-05-10 15:49:26,279 p=46395 u=rob n=ansible | skipping: [vyos-oobm]
+2023-05-10 15:49:26,283 p=46395 u=rob n=ansible | skipping: [client]
+2023-05-10 15:49:26,288 p=46395 u=rob n=ansible | skipping: [ldap-server]
+2023-05-10 15:49:29,275 p=46395 u=rob n=ansible | ok: [ovpn-server]
+2023-05-10 15:49:29,282 p=46395 u=rob n=ansible | TASK [eve-ng-lab-test : install openv-server Client Cert] *************************************************************************************************************************************************************************
+2023-05-10 15:49:29,301 p=46395 u=rob n=ansible | skipping: [eveng]
+2023-05-10 15:49:29,310 p=46395 u=rob n=ansible | skipping: [vyos-oobm]
+2023-05-10 15:49:29,321 p=46395 u=rob n=ansible | skipping: [client]
+2023-05-10 15:49:29,326 p=46395 u=rob n=ansible | skipping: [ldap-server]
+2023-05-10 15:49:35,373 p=46395 u=rob n=ansible | changed: [ovpn-server]
+2023-05-10 15:49:35,381 p=46395 u=rob n=ansible | TASK [eve-ng-lab-test : generate openv-server DH] *********************************************************************************************************************************************************************************
+2023-05-10 15:49:35,406 p=46395 u=rob n=ansible | skipping: [eveng]
+2023-05-10 15:49:35,414 p=46395 u=rob n=ansible | skipping: [vyos-oobm]
+2023-05-10 15:49:35,423 p=46395 u=rob n=ansible | skipping: [client]
+2023-05-10 15:49:35,428 p=46395 u=rob n=ansible | skipping: [ldap-server]
+2023-05-10 15:51:03,970 p=46513 u=rob n=ansible | persistent connection idle timeout triggered, timeout value is 120 secs.
+See the timeout setting options in the Network Debug and Troubleshooting Guide.
+2023-05-10 15:51:03,970 p=46514 u=rob n=ansible | persistent connection idle timeout triggered, timeout value is 120 secs.
+See the timeout setting options in the Network Debug and Troubleshooting Guide.
+2023-05-10 15:51:04,081 p=46513 u=rob n=ansible | shutdown complete
+2023-05-10 15:51:04,081 p=46514 u=rob n=ansible | shutdown complete
+2023-05-10 15:51:15,179 p=46395 u=rob n=ansible | ok: [ovpn-server]
+2023-05-10 15:51:15,186 p=46395 u=rob n=ansible | TASK [eve-ng-lab-test : install openv-server DH] **********************************************************************************************************************************************************************************
+2023-05-10 15:51:15,206 p=46395 u=rob n=ansible | skipping: [eveng]
+2023-05-10 15:51:15,214 p=46395 u=rob n=ansible | skipping: [vyos-oobm]
+2023-05-10 15:51:15,225 p=46395 u=rob n=ansible | skipping: [client]
+2023-05-10 15:51:15,229 p=46395 u=rob n=ansible | skipping: [ldap-server]
+2023-05-10 15:51:20,903 p=46395 u=rob n=ansible | changed: [ovpn-server]
+2023-05-10 15:51:20,913 p=46395 u=rob n=ansible | TASK [eve-ng-lab-test : create ldap-auth.config] **********************************************************************************************************************************************************************************
+2023-05-10 15:51:20,938 p=46395 u=rob n=ansible | skipping: [eveng]
+2023-05-10 15:51:20,947 p=46395 u=rob n=ansible | skipping: [vyos-oobm]
+2023-05-10 15:51:20,956 p=46395 u=rob n=ansible | skipping: [client]
+2023-05-10 15:51:20,961 p=46395 u=rob n=ansible | skipping: [ldap-server]
+2023-05-10 15:51:22,675 p=46508 u=rob n=p=46508 u=rob | paramiko [ovpn-server] | Connected (version 2.0, client OpenSSH_9.2p1)
+2023-05-10 15:51:22,982 p=46508 u=rob n=p=46508 u=rob | paramiko [ovpn-server] | Authentication (publickey) successful!
+2023-05-10 15:51:23,960 p=46508 u=rob n=p=46508 u=rob | paramiko [ovpn-server] | Connected (version 2.0, client OpenSSH_9.2p1)
+2023-05-10 15:51:24,239 p=46508 u=rob n=p=46508 u=rob | paramiko [ovpn-server] | Authentication (publickey) successful!
+2023-05-10 15:51:24,554 p=46395 u=rob n=ansible | changed: [ovpn-server]
+2023-05-10 15:51:24,562 p=46395 u=rob n=ansible | TASK [eve-ng-lab-test : setup openv-server] ***************************************************************************************************************************************************************************************
+2023-05-10 15:51:24,585 p=46395 u=rob n=ansible | skipping: [eveng]
+2023-05-10 15:51:24,594 p=46395 u=rob n=ansible | skipping: [vyos-oobm]
+2023-05-10 15:51:24,604 p=46395 u=rob n=ansible | skipping: [client]
+2023-05-10 15:51:24,608 p=46395 u=rob n=ansible | skipping: [ldap-server]
+2023-05-10 15:51:36,392 p=46395 u=rob n=ansible | [WARNING]: To ensure idempotency and correct diff the input configuration lines should be similar to how they appear if present in the running configuration on device including the indentation
+
+2023-05-10 15:51:36,392 p=46395 u=rob n=ansible | changed: [ovpn-server]
+2023-05-10 15:51:36,400 p=46395 u=rob n=ansible | TASK [eve-ng-lab-test : generate openvpn client conifg] ***************************************************************************************************************************************************************************
+2023-05-10 15:51:36,425 p=46395 u=rob n=ansible | skipping: [eveng]
+2023-05-10 15:51:36,433 p=46395 u=rob n=ansible | skipping: [vyos-oobm]
+2023-05-10 15:51:36,443 p=46395 u=rob n=ansible | skipping: [client]
+2023-05-10 15:51:36,447 p=46395 u=rob n=ansible | skipping: [ldap-server]
+2023-05-10 15:51:37,890 p=46395 u=rob n=ansible | ok: [ovpn-server]
+2023-05-10 15:51:37,899 p=46395 u=rob n=ansible | TASK [eve-ng-lab-test : ansible.builtin.set_fact] *********************************************************************************************************************************************************************************
+2023-05-10 15:51:37,922 p=46395 u=rob n=ansible | skipping: [eveng]
+2023-05-10 15:51:37,931 p=46395 u=rob n=ansible | skipping: [vyos-oobm]
+2023-05-10 15:51:37,941 p=46395 u=rob n=ansible | skipping: [client]
+2023-05-10 15:51:37,946 p=46395 u=rob n=ansible | skipping: [ldap-server]
+2023-05-10 15:51:38,970 p=46395 u=rob n=ansible | ok: [ovpn-server]
+2023-05-10 15:51:38,980 p=46395 u=rob n=ansible | TASK [eve-ng-lab-test : debug] ****************************************************************************************************************************************************************************************************
+2023-05-10 15:51:39,012 p=46395 u=rob n=ansible | skipping: [eveng]
+2023-05-10 15:51:39,018 p=46395 u=rob n=ansible | skipping: [vyos-oobm]
+2023-05-10 15:51:39,022 p=46395 u=rob n=ansible | skipping: [client]
+2023-05-10 15:51:39,027 p=46395 u=rob n=ansible | skipping: [ldap-server]
+2023-05-10 15:51:40,051 p=46395 u=rob n=ansible | ok: [ovpn-server] => {
+ "msg": "client\nnobind\nremote 198.51.100.254 1194\nremote-cert-tls server\nproto udp\ndev tun\ndev-type tun\npersist-key\npersist-tun\nverb 3\n\n# Encryption options\n\nkeysize 256\ncomp-lzo no\n\n<ca>\n-----BEGIN CERTIFICATE-----\nMIIFnTCCA4WgAwIBAgIUORUZbBsuy0QupoJFJgXenSJ9AQQwDQYJKoZIhvcNAQEL\nBQAwVzELMAkGA1UEBhMCR0IxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAcM\nCVNvbWUtQ2l0eTENMAsGA1UECgwEVnlPUzEQMA4GA1UEAwwHdnlvcy5pbzAeFw0y\nMzA1MTAxMzQ5MDlaFw0zMzA1MDcxMzQ5MDlaMFcxCzAJBgNVBAYTAkdCMRMwEQYD\nVQQIDApTb21lLVN0YXRlMRIwEAYDVQQHDAlTb21lLUNpdHkxDTALBgNVBAoMBFZ5\nT1MxEDAOBgNVBAMMB3Z5b3MuaW8wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK\nAoICAQCsL2Xui58HXpl+jreqRxYfNDx1ER7umJ0iPw2dyBuJhP1Hy7vlwyZRvdRQ\nd2AexK1BU2lTkYMWh58BU/dxmnnVhfwr34wUYP6Cs10tKhOxTNj/87wfCBU1sCfv\nO77lPSNP9q/Ad7ZCF3K5Aruc6yO7i8Kx5mR9wysgNaVQQWCsZHKB91ZsviIsK51r\nVYNxF9WDxAP0Ms0pO/faSAFf70JbMG2jvRTAgQJ/+R+XXB/Rvg3cJrTYeSeFn+9l\nen5N4HQgraw3tq/OLePYaZBew7a+GZ7YRsVdJbwq2Ch5lRN/jZxAyv4WJoMNEGJv\nb5I8pj/F3ECg6NcEmXaSnRXIO6eaq1v/huIsxNnWT9ns+/JB7OBDmZ88iMKP9z37\nX/AMwLKhcqjMGE9tR8zOMld2vqNgk6bhBzz28WJ6FT3bI30RT2fq+mnvS7rVFVyC\nMlruRg8jIkwa0sictXsO8rl+5i1L+44DC+L7YIlGykAMhc+V1AD3nXRz6sQH6O8E\nsr5hS2t3zEjcQ/jN0amlAKs8KLPaYh+Ui0E1gx0H7wGfVEVQ48IweIrRrZ0h9BG2\ni/9eHaM0kQjUP+I+P00dP6LdOawLWhzNQ8+9ES+1EAP088XpKK4jw9m+o6goqaLq\nHN0QBrfW8wSyMFE4wYin3dYGcykWqyx6Up14DGbF0iBCKSRVQwIDAQABo2EwXzAP\nBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEF\nBQcDAgYIKwYBBQUHAwEwHQYDVR0OBBYEFG1bKeDc0O/cCwaarX59BCMSJDujMA0G\nCSqGSIb3DQEBCwUAA4ICAQBWI+p8tBzy6CO8ImP5DBQFwnVBv+6T59na2JrEq7nZ\nk0aBITWh9PRp5w+ZOe+cL9jHZEJNoaSjq3/bkF/CSKCIoa0YiZX/MAs4d/EnttRh\ncudwgTbE6q0tIKDLlxoYI0Gpo7j48W1rPd0FKAc7igy4eQKOwDmqqG9gVmNTyyrT\n1pVvaic7Ok/c1QmVOEub0f7kW2EA4Zk9+HUVGHYdp3WfOX8QCI5nTrAO6YJrw+d1\nBUly6krnb7NWDkWarJ51e6TAR1dz4zp++jhNVssEHbLQyA7+HzWnRSbxYndxCPBn\noXjQRwx8/3uUubj9l3CDIb1424D0sm8TNslhElD41/Ir1uQ/RRt15O1CKQJg6mpv\nDtgrOik+vpUMqBDYGQ38XgqzHYV1klCjo5NlNP33TRvlQe9B6LtxzBZvoxBfxYDI\nheSRdPbKP8DEHZ6z9d0d1Ubo/waExlcrUfBt4bbxNebsx9nuvVl8hl0R0iEInMjN\n3jaPrSrUEsPcXpBVL+VhzuWG7zTfGGUVIB+5UC/VCiFP+9LPqsfgBvXKIfIlj2db\nLJOsoxZrJtXq7Jvdn7NqFo7vR0hw+YIzmnCFAGpTx6yuWpjuf2y5dY48iTfMuP2v\nUoGRxoO+8wFQONj4psAD524SnOpEwYw+3fuw+P5zC6hT9y4XkZKsEnu6nJjB8T0B\nlA==\n-----END CERTIFICATE-----\n\n</ca>\n\n<cert>\n-----BEGIN CERTIFICATE-----\nMIIFsDCCA5igAwIBAgIUXOnWUTwh0zWkUX+LTlftlfkEGqAwDQYJKoZIhvcNAQEL\nBQAwVzELMAkGA1UEBhMCR0IxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAcM\nCVNvbWUtQ2l0eTENMAsGA1UECgwEVnlPUzEQMA4GA1UEAwwHdnlvcy5pbzAeFw0y\nMzA1MTAxMzQ5MjhaFw0zMzA1MDcxMzQ5MjhaMFYxCzAJBgNVBAYTAkdCMRMwEQYD\nVQQIDApTb21lLVN0YXRlMRIwEAYDVQQHDAlTb21lLUNpdHkxDTALBgNVBAoMBFZ5\nT1MxDzANBgNVBAMMBmNsaWVudDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC\nggIBAJgTHdmee0dFlbohSBF+Xy8XjWpCKnfXGNgr9JgU9+lzQ8SR+Z83XcRocvJX\nasSf4gDZK05pGhyXTx9KzTaYAZi1ZCK4pZ1fXZ+TdHgThLdLW7h/xDF3WU0omydC\nGiBkua3kldcRfhPnBYrWZwvHkeUOYNybRezM/fIGpnp74+YBXybGZ8YRLmRhc/j1\nQDJt0DLvVxfb6YkfU/vuSLnPtu40Ye/EsOhuPcStC9Mmctxx3msZH417z2wWQNvY\n926ZUQCXophkkhNA3kxUcz+gdV5ECCO+KPa7r305olFgv7c4KSNih7MmYBEyKMS7\npA+CF9etEJs3VmHT9avGtKvDMW8XhoqpxTWQ15CNaEFGTxCejPuI+nFCoqtAN9Y9\nO/A6rsLuM6EuaDX2qjSUfDMnUVVclE7yL8JDZEOQZw970Mi+TnhbXfYEyvX8HJLk\n4Vg2JUc67jTDRiQfgWuJHiaPyrYX2ssP8LU/oOis638mHo+7YpJCSeqF0R4m6lSi\nQJNOz8knawp40Uu1iA9RqQrYT8MRt2quCRn2aUolvRmNB4dHS/2TUdHChBdDxylL\nzbFtZLkCiWwKKNvu3ZjxMua2AjYe904r+S4duow4MxfKUFsoMY6GlscGeReMXJVV\nx2i+580wF/tn+3k/9PUS90FoFhQCidfxib/Eo4rOT03awPGBAgMBAAGjdTBzMAwG\nA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMC\nMB0GA1UdDgQWBBTTt3dGY9D07BI8V/0QmVI25bC+gDAfBgNVHSMEGDAWgBRtWyng\n3NDv3AsGmq1+fQQjEiQ7ozANBgkqhkiG9w0BAQsFAAOCAgEAKz+MT9JlvwUope8x\nrUuf+6s/fyiAvmQfGOAN6aBVyxO1+ZIAau6CXGJ9/MaJKF/Ju+V2zTpBVz2bFNxP\nHceY1z9rtQb0l+CG4elcsQY4vhouvDH+HoI8rP/jzFD25zsUmAlMaTZuLWU4WnVT\n2WhO5X1GZFKl5fT8ulyLx3rcb/CaiC6Kg+yi/tktFgpyWyjTMSVp9QBGYRudKVwK\nx585nb5a5Z+uLYBmYcYrRQvLWSQKGLb84qE8gOfek47FZCfoh7rlLpt8prFIW60x\nEarR4Ul/1xhs+2AqMw3mHuQrIxJgHvKoQHBkS/RadsRWglWasE0qm09BtoLeso1h\nZIXO2O830jXOYEZEuhE63iIHxBZUEUpurXt6he/IBL1l8UuRM6ArHtDo2awlnWlL\nUz34e1pSzLAtSfS9Iop+zxt/UDQtMCW/a2MQGB7m/kgCtICC0p8QsuGa8k/+SQOt\nTI1VAj/dJ2O5XFhfFYgDtT/XXa6o3nEmWW+KTtggcvGIyP0Huxq+6ShxrwKkXI0n\nWVffhVafcIkJnsUYTJu+Cx4KpilKV6+lzRQhK7UHfS0hErs0UQoZA4Fpz2uWukNe\n2fezl0IJThWPklGKOYriZyKb4i81i3occ1+9YpzKUrBD2ZI+t0Exp73/cfuQbiCO\niIu80S44myiZMfD2OPvjR0lBSoE=\n-----END CERTIFICATE-----\n\n</cert>\n\n<key>\n-----BEGIN PRIVATE KEY-----\nMIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCYEx3ZnntHRZW6\nIUgRfl8vF41qQip31xjYK/SYFPfpc0PEkfmfN13EaHLyV2rEn+IA2StOaRocl08f\nSs02mAGYtWQiuKWdX12fk3R4E4S3S1u4f8Qxd1lNKJsnQhogZLmt5JXXEX4T5wWK\n1mcLx5HlDmDcm0XszP3yBqZ6e+PmAV8mxmfGES5kYXP49UAybdAy71cX2+mJH1P7\n7ki5z7buNGHvxLDobj3ErQvTJnLccd5rGR+Ne89sFkDb2PdumVEAl6KYZJITQN5M\nVHM/oHVeRAgjvij2u699OaJRYL+3OCkjYoezJmARMijEu6QPghfXrRCbN1Zh0/Wr\nxrSrwzFvF4aKqcU1kNeQjWhBRk8Qnoz7iPpxQqKrQDfWPTvwOq7C7jOhLmg19qo0\nlHwzJ1FVXJRO8i/CQ2RDkGcPe9DIvk54W132BMr1/ByS5OFYNiVHOu40w0YkH4Fr\niR4mj8q2F9rLD/C1P6DorOt/Jh6Pu2KSQknqhdEeJupUokCTTs/JJ2sKeNFLtYgP\nUakK2E/DEbdqrgkZ9mlKJb0ZjQeHR0v9k1HRwoQXQ8cpS82xbWS5AolsCijb7t2Y\n8TLmtgI2HvdOK/kuHbqMODMXylBbKDGOhpbHBnkXjFyVVcdovufNMBf7Z/t5P/T1\nEvdBaBYUAonX8Ym/xKOKzk9N2sDxgQIDAQABAoICAA4nLuhOc620TOHn1nCEwNbX\ncjQfi7R5VcwXxymr2RvzO/oPr3PBPN5Nh2+FC20L1J/i/KdNaJgDMvw4EEI49ZXg\n2wlqNhIGSpnSQnNcaaxML9fLa31CqZJ6dkbtXXro6BwsqA9Xuh9sqQ585rxpBFIV\nIcmjDJs9w5KVsNyF92jnQfpDWjjlgQ2BjlmiRY+/IMwxi/r7kgM1FOVfWon3sJ0A\nGtWsPUSpSEfFTR9UUDmyjt8lYiASRw5WdQ6g5WJExyeiQe69FjIDH803Yz4Nym6N\nliGLDjGF646tevnoFaxqsyI8BmITbu4BK48nrkMG05fUeQIURw6Cu5xf7JE7Vzgy\n7mBwujtkEuRmXz9LsJTaWt5I/sXDUh0Uwe0BGYj5O+8MB7yzQFBjhv6pLJZdySSV\ngSlmupbwtY2BcV48KuvPkzKngHXR8jA6p8XAQV2Xq2njQLsOKJrgEhbIp99h61ao\n5K6gtW056hSN4q01YA00JQZGKZRviUOuQGP71SNDPCl3uvvElVwBFtfEYV12VzFK\nye1fF2CcRThCEML91Qo/IueqrNEBVQHxnCO7R5uwKSkXZNJ5pNArMsAdMfLzXApD\nF3Dcctz/C9I0RG18EdtoW4RjPxEZ1wXHGVkvCpUCwNImsvxWOy78klnfEUyKtOCM\ndnn1flp0CiZzjGAMSiGbAoIBAQC9ZpY4XZ4v68KnaHyiqKjNQDU64wrONGK1XrMS\nwOl5a6Cg8S3n3d51E2AguFKilKZ1LJ721WGdEIO4+J9nFKvXYUSCl711cCh+njya\nE3a9H6louFVZ2X3NxjLUSJtqUyBEOE/NzNxhTt9BoiiR3cKUmhLLlYkHmLnqBv3j\nw4Trl/rU3rDemAf6zOB0eXKM946qjQpfB2LsokCWWsOhnT1XBcSEvkHvSrWv4EH/\n6IDFAROBGtlCW2C8BiosRdpj8thsdnW1lvGAvHs27nLMXz3/NNBX03dlA8YRaelm\nl0EDo0IwrXI7/u4Zy8wL3gfn/NPr0ST3jXz9K8nxvohPxwcfAoIBAQDNjIZs/HT6\nY2rTMH++rC3ZNfLUm/3aNsVl1TB8nkEvfBQHU5HEyqqeE4d/b3+7bRwWhVpfNHLe\nrMV8qNr8iAjvpeL5nvnmUPHLT0CpsI+wUvOlnluHGsCfyLWDNVBPcDL10scediYM\nkKGJGiQSbl355JbIrYxA5AgA7qUGcLQ7mGmwzXyJgmBMOJbDyYvoezh4iogWxC4C\nlh834UgmGWJp2Bi20VuqF00HClN+z1QELQN2Pu2SVK5XTlfXmuYHc3Bi1xvD2KaL\nyqT2BtWVRS9RDG0LOzgOAnG9Mx7SEtPAnRhpydx28HWEwGaFKas6QaIuDo92Blpo\n40ti2Yav4hNfAoIBAQC0m0SYDz2u+KQvuwVOnoII5zdbJfHB3FZcGSettGNus2EC\n17ksp3dgMM+zo9C41AM/LQOQ4L0qZvsUwZBPXXjX8xq/ZS7287LJut6TFgheI/kJ\nsO1CtpCuTldd8raw1v+nzgLbfoSQDgP6tET3g33u8lUF6Vw38D0omu4z6NexSMWZ\ng5kpSdQiJofKyZygK9jRbZj8MTD18WqhdX+jdyts9kUFR9/b7WP/iFunSfCw62vL\n6uxNyJEf+sjwWtP8BzC1jOiF9p/oYNMl+I9jr1aRK62YckAiBU00gchdWdJXQ7D0\ndhC+gURPOPUkQ99KKt9yuYcEwNj1GnKBoWyelm2FAoIBAHoj2bEjZuNudgjeVdpY\nd7oNm6kItJSZXT0ArJowc62ivkgIOaNFhpL+KdLoz27xC/K59RSDlwqIgaVstQvA\nTgcRfMk11WstiDB2fIcY2pk9AXjVm6+xjuqjmnBIGtvJYQ6/3ABW1o861jIg7XRi\nTsdyNMM0lRXuKm9bX4ZvLDoJfCxKPol7hntkWPooZlGT/t9p+ioFEw4IZK6Q2I2D\nIf6hITZpO13cELJxSWIeEt+UW+1EwWjllt9cN0hvy+Z7iznAdsgukfCZTuK+9uWH\nQfGYP6ef3dQ9UZbKrLLJ6zgWYW5jO/UVN8/VgFX6h7vLSnKxxj+s0MZo4d/wQF99\nKGMCggEACAWOCIerQRC51zo8eXOB65mmpR0nX/VuWCZw4uIo5tVZ47JskPIH9MTy\nd/OLbHDa3esJjmZawSl0lI0j7p/yY+J9TEJyOCUU9PCDUw+BeJ39/VqW/fyBn8gI\n1cC3BnPkDf2HnbgHxaCP37sy/aHs7Xn/bNDaLksEDWDblFCQ5tYqGbZhxUNnsx2x\n3z/aYJVmx0lkKXSA+8rKeAk+OnDHUjlJjpRIcAsQJE6Ni+2cHbYygVPXiFbbKk+2\nekNwYkhMZ+DP+t+uY5ZRfwq0jjIrh+5fyw26yG9PoXspGoqPCTcQ9BEqU88J6ziF\nrxWXbmsYdR1dnKCZXcKJVKqJIFCnyg==\n-----END PRIVATE KEY-----\n\n</key>"
+}
+2023-05-10 15:51:40,059 p=46395 u=rob n=ansible | TASK [eve-ng-lab-test : debug] ****************************************************************************************************************************************************************************************************
+2023-05-10 15:51:40,091 p=46395 u=rob n=ansible | skipping: [eveng]
+2023-05-10 15:51:40,099 p=46395 u=rob n=ansible | skipping: [vyos-oobm]
+2023-05-10 15:51:40,100 p=46395 u=rob n=ansible | skipping: [ovpn-server]
+2023-05-10 15:51:40,108 p=46395 u=rob n=ansible | skipping: [ldap-server]
+2023-05-10 15:51:41,160 p=46395 u=rob n=ansible | network_os is set to vyos
+2023-05-10 15:51:41,163 p=46395 u=rob n=ansible | [WARNING]: ansible-pylibssh not installed, falling back to paramiko
+
+2023-05-10 15:51:41,169 p=46395 u=rob n=ansible | ok: [client] => {
+ "msg": {
+ "changed": false,
+ "skip_reason": "Conditional result was False",
+ "skipped": true
+ }
+}
+2023-05-10 15:51:41,175 p=46395 u=rob n=ansible | TASK [eve-ng-lab-test : install Client Cert] **************************************************************************************************************************************************************************************
+2023-05-10 15:51:41,200 p=46395 u=rob n=ansible | skipping: [eveng]
+2023-05-10 15:51:41,210 p=46395 u=rob n=ansible | skipping: [vyos-oobm]
+2023-05-10 15:51:41,218 p=46395 u=rob n=ansible | skipping: [ovpn-server]
+2023-05-10 15:51:41,227 p=46395 u=rob n=ansible | skipping: [ldap-server]
+2023-05-10 15:51:42,267 p=46644 u=rob n=ansible | [DEPRECATION WARNING]: PlayContext.verbosity is deprecated, use
+ansible.utils.display.Display.verbosity instead. This feature will be removed
+in version 2.18. Deprecation warnings can be disabled by setting
+deprecation_warnings=False in ansible.cfg.
+2023-05-10 15:51:42,938 p=46644 u=rob n=p=46644 u=rob | paramiko [client] | Connected (version 2.0, client OpenSSH_9.2p1)
+2023-05-10 15:51:43,304 p=46644 u=rob n=p=46644 u=rob | paramiko [client] | Authentication (publickey) successful!
+2023-05-10 15:51:51,002 p=46395 u=rob n=ansible | changed: [client]
+2023-05-10 15:51:51,010 p=46395 u=rob n=ansible | TASK [eve-ng-lab-test : install CA on Client] *************************************************************************************************************************************************************************************
+2023-05-10 15:51:51,035 p=46395 u=rob n=ansible | skipping: [eveng]
+2023-05-10 15:51:51,043 p=46395 u=rob n=ansible | skipping: [vyos-oobm]
+2023-05-10 15:51:51,051 p=46395 u=rob n=ansible | skipping: [ovpn-server]
+2023-05-10 15:51:51,060 p=46395 u=rob n=ansible | skipping: [ldap-server]
+2023-05-10 15:51:55,745 p=46395 u=rob n=ansible | changed: [client]
+2023-05-10 15:51:55,753 p=46395 u=rob n=ansible | TASK [eve-ng-lab-test : setup client] *********************************************************************************************************************************************************************************************
+2023-05-10 15:51:55,778 p=46395 u=rob n=ansible | skipping: [eveng]
+2023-05-10 15:51:55,786 p=46395 u=rob n=ansible | skipping: [vyos-oobm]
+2023-05-10 15:51:55,793 p=46395 u=rob n=ansible | skipping: [ovpn-server]
+2023-05-10 15:51:55,802 p=46395 u=rob n=ansible | skipping: [ldap-server]
+2023-05-10 15:52:05,361 p=46395 u=rob n=ansible | changed: [client]
+2023-05-10 15:52:05,371 p=46395 u=rob n=ansible | TASK [eve-ng-lab-test : OpenVPN_with_LDAP: Login to EVE-NG and get Cookie] ********************************************************************************************************************************************************
+2023-05-10 15:52:05,401 p=46395 u=rob n=ansible | skipping: [vyos-oobm]
+2023-05-10 15:52:05,409 p=46395 u=rob n=ansible | skipping: [ovpn-server]
+2023-05-10 15:52:05,412 p=46395 u=rob n=ansible | skipping: [client]
+2023-05-10 15:52:05,417 p=46395 u=rob n=ansible | skipping: [ldap-server]
+2023-05-10 15:52:07,968 p=46395 u=rob n=ansible | ok: [eveng]
+2023-05-10 15:52:07,978 p=46395 u=rob n=ansible | TASK [eve-ng-lab-test : OpenVPN_with_LDAP: stop nodes id] *************************************************************************************************************************************************************************
+2023-05-10 15:52:08,013 p=46395 u=rob n=ansible | skipping: [eveng]
+2023-05-10 15:52:08,016 p=46395 u=rob n=ansible | skipping: [vyos-oobm]
+2023-05-10 15:52:08,018 p=46395 u=rob n=ansible | skipping: [ovpn-server]
+2023-05-10 15:52:08,023 p=46395 u=rob n=ansible | skipping: [client]
+2023-05-10 15:52:08,030 p=46395 u=rob n=ansible | skipping: [ldap-server]
+2023-05-10 15:52:08,034 p=46395 u=rob n=ansible | TASK [eve-ng-lab-test : OpenVPN_with_LDAP: wait after stop] ***********************************************************************************************************************************************************************
+2023-05-10 15:52:08,047 p=46395 u=rob n=ansible | Pausing for 5 seconds
+2023-05-10 15:52:08,048 p=46395 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)
+2023-05-10 15:52:13,060 p=46395 u=rob n=ansible | ok: [eveng]
+2023-05-10 15:52:13,069 p=46395 u=rob n=ansible | TASK [eve-ng-lab-test : OpenVPN_with_LDAP: start nodes id] ************************************************************************************************************************************************************************
+2023-05-10 15:52:13,106 p=46395 u=rob n=ansible | skipping: [eveng]
+2023-05-10 15:52:13,108 p=46395 u=rob n=ansible | skipping: [vyos-oobm]
+2023-05-10 15:52:13,110 p=46395 u=rob n=ansible | skipping: [ovpn-server]
+2023-05-10 15:52:13,116 p=46395 u=rob n=ansible | skipping: [client]
+2023-05-10 15:52:13,123 p=46395 u=rob n=ansible | skipping: [ldap-server]
+2023-05-10 15:52:13,126 p=46395 u=rob n=ansible | TASK [eve-ng-lab-test : OpenVPN_with_LDAP: wait after start] **********************************************************************************************************************************************************************
+2023-05-10 15:52:13,139 p=46395 u=rob n=ansible | Pausing for 5 seconds
+2023-05-10 15:52:13,139 p=46395 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)
+2023-05-10 15:52:18,152 p=46395 u=rob n=ansible | ok: [eveng]
+2023-05-10 15:52:18,162 p=46395 u=rob n=ansible | TASK [eve-ng-lab-test : OpenVPN_with_LDAP: wait, b/c the ping often failed without a short break] *********************************************************************************************************************************
+2023-05-10 15:52:18,182 p=46395 u=rob n=ansible | Pausing for 30 seconds
+2023-05-10 15:52:18,183 p=46395 u=rob n=ansible | (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)
+2023-05-10 15:52:48,196 p=46395 u=rob n=ansible | ok: [eveng]
+2023-05-10 15:52:48,206 p=46395 u=rob n=ansible | TASK [eve-ng-lab-test : OpenVPN_with_LDAP: do ping test] **************************************************************************************************************************************************************************
+2023-05-10 15:52:48,243 p=46395 u=rob n=ansible | skipping: [eveng]
+2023-05-10 15:52:48,246 p=46395 u=rob n=ansible | skipping: [vyos-oobm]
+2023-05-10 15:52:48,246 p=46395 u=rob n=ansible | skipping: [ovpn-server]
+2023-05-10 15:52:48,257 p=46395 u=rob n=ansible | skipping: [ldap-server]
+2023-05-10 15:52:53,912 p=46395 u=rob n=ansible | ok: [client] => (item=192.168.1.1)
+2023-05-10 15:52:53,921 p=46395 u=rob n=ansible | TASK [eve-ng-lab-test : OpenVPN_with_LDAP: execute test commands] *****************************************************************************************************************************************************************
+2023-05-10 15:52:53,947 p=46395 u=rob n=ansible | skipping: [eveng]
+2023-05-10 15:52:53,956 p=46395 u=rob n=ansible | skipping: [vyos-oobm]
+2023-05-10 15:52:53,958 p=46395 u=rob n=ansible | skipping: [ovpn-server]
+2023-05-10 15:52:53,962 p=46395 u=rob n=ansible | skipping: [client]
+2023-05-10 15:52:53,971 p=46395 u=rob n=ansible | skipping: [ldap-server]
+2023-05-10 15:52:53,974 p=46395 u=rob n=ansible | TASK [eve-ng-lab-test : OpenVPN_with_LDAP: register stdout commands] **************************************************************************************************************************************************************
+2023-05-10 15:52:53,999 p=46395 u=rob n=ansible | skipping: [eveng]
+2023-05-10 15:52:54,002 p=46395 u=rob n=ansible | skipping: [vyos-oobm]
+2023-05-10 15:52:54,010 p=46395 u=rob n=ansible | skipping: [client]
+2023-05-10 15:52:54,016 p=46395 u=rob n=ansible | skipping: [ldap-server]
+2023-05-10 15:52:56,105 p=46395 u=rob n=ansible | ok: [ovpn-server] => (item={'name': 'show_client', 'command': 'show openvpn server'})
+2023-05-10 15:52:56,113 p=46395 u=rob n=ansible | TASK [eve-ng-lab-test : OpenVPN_with_LDAP: Set variables] *************************************************************************************************************************************************************************
+2023-05-10 15:52:56,144 p=46395 u=rob n=ansible | skipping: [eveng]
+2023-05-10 15:52:56,145 p=46395 u=rob n=ansible | skipping: [vyos-oobm]
+2023-05-10 15:52:56,152 p=46395 u=rob n=ansible | skipping: [client]
+2023-05-10 15:52:56,160 p=46395 u=rob n=ansible | skipping: [ldap-server]
+2023-05-10 15:52:57,191 p=46395 u=rob n=ansible | ok: [ovpn-server]
+2023-05-10 15:52:57,203 p=46395 u=rob n=ansible | TASK [eve-ng-lab-test : OpenVPN_with_LDAP: make sure output dir exist] ************************************************************************************************************************************************************
+2023-05-10 15:52:57,237 p=46395 u=rob n=ansible | skipping: [vyos-oobm]
+2023-05-10 15:52:57,246 p=46395 u=rob n=ansible | skipping: [ovpn-server]
+2023-05-10 15:52:57,248 p=46395 u=rob n=ansible | skipping: [client]
+2023-05-10 15:52:57,278 p=46395 u=rob n=ansible | skipping: [ldap-server]
+2023-05-10 15:52:57,510 p=46395 u=rob n=ansible | ok: [eveng -> localhost]
+2023-05-10 15:52:57,513 p=46395 u=rob n=ansible | TASK [eve-ng-lab-test : OpenVPN_with_LDAP: make sure output include dir exist] ****************************************************************************************************************************************************
+2023-05-10 15:52:57,536 p=46395 u=rob n=ansible | skipping: [vyos-oobm]
+2023-05-10 15:52:57,547 p=46395 u=rob n=ansible | skipping: [ovpn-server]
+2023-05-10 15:52:57,547 p=46395 u=rob n=ansible | skipping: [client]
+2023-05-10 15:52:57,555 p=46395 u=rob n=ansible | skipping: [ldap-server]
+2023-05-10 15:52:57,742 p=46395 u=rob n=ansible | ok: [eveng -> localhost]
+2023-05-10 15:52:57,746 p=46395 u=rob n=ansible | TASK [eve-ng-lab-test : OpenVPN_with_LDAP: Get timestamp from the system] *********************************************************************************************************************************************************
+2023-05-10 15:52:57,765 p=46395 u=rob n=ansible | skipping: [vyos-oobm]
+2023-05-10 15:52:57,771 p=46395 u=rob n=ansible | skipping: [ovpn-server]
+2023-05-10 15:52:57,774 p=46395 u=rob n=ansible | skipping: [client]
+2023-05-10 15:52:57,779 p=46395 u=rob n=ansible | skipping: [ldap-server]
+2023-05-10 15:52:58,651 p=46395 u=rob n=ansible | changed: [eveng]
+2023-05-10 15:52:58,660 p=46395 u=rob n=ansible | TASK [eve-ng-lab-test : OpenVPN_with_LDAP: Set variables] *************************************************************************************************************************************************************************
+2023-05-10 15:52:58,690 p=46395 u=rob n=ansible | ok: [eveng]
+2023-05-10 15:52:58,698 p=46395 u=rob n=ansible | skipping: [vyos-oobm]
+2023-05-10 15:52:58,701 p=46395 u=rob n=ansible | skipping: [ovpn-server]
+2023-05-10 15:52:58,701 p=46395 u=rob n=ansible | skipping: [client]
+2023-05-10 15:52:58,706 p=46395 u=rob n=ansible | skipping: [ldap-server]
+2023-05-10 15:52:58,711 p=46395 u=rob n=ansible | TASK [eve-ng-lab-test : OpenVPN_with_LDAP: generate lab rst file] *****************************************************************************************************************************************************************
+2023-05-10 15:52:58,734 p=46395 u=rob n=ansible | skipping: [vyos-oobm]
+2023-05-10 15:52:58,742 p=46395 u=rob n=ansible | skipping: [ovpn-server]
+2023-05-10 15:52:58,745 p=46395 u=rob n=ansible | skipping: [client]
+2023-05-10 15:52:58,750 p=46395 u=rob n=ansible | skipping: [ldap-server]
+2023-05-10 15:52:59,270 p=46395 u=rob n=ansible | changed: [eveng -> localhost]
+2023-05-10 15:52:59,275 p=46395 u=rob n=ansible | TASK [eve-ng-lab-test : OpenVPN_with_LDAP: find all *.conf files in Lab] **********************************************************************************************************************************************************
+2023-05-10 15:52:59,298 p=46395 u=rob n=ansible | skipping: [vyos-oobm]
+2023-05-10 15:52:59,306 p=46395 u=rob n=ansible | skipping: [ovpn-server]
+2023-05-10 15:52:59,308 p=46395 u=rob n=ansible | skipping: [client]
+2023-05-10 15:52:59,314 p=46395 u=rob n=ansible | skipping: [ldap-server]
+2023-05-10 15:52:59,568 p=46395 u=rob n=ansible | ok: [eveng -> localhost]
+2023-05-10 15:52:59,574 p=46395 u=rob n=ansible | TASK [eve-ng-lab-test : OpenVPN_with_LDAP: copy all *.conf files] *****************************************************************************************************************************************************************
+2023-05-10 15:52:59,599 p=46395 u=rob n=ansible | skipping: [vyos-oobm]
+2023-05-10 15:52:59,609 p=46395 u=rob n=ansible | skipping: [ovpn-server]
+2023-05-10 15:52:59,611 p=46395 u=rob n=ansible | skipping: [client]
+2023-05-10 15:52:59,618 p=46395 u=rob n=ansible | skipping: [ldap-server]
+2023-05-10 15:52:59,995 p=46395 u=rob n=ansible | ok: [eveng -> localhost] => (item={'path': 'labs/OpenVPN_with_LDAP/ovpn-server.conf', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 501, 'gid': 20, 'size': 810, 'inode': 3231536, 'dev': 16777229, 'nlink': 1, 'atime': 1682786301.5902777, 'mtime': 1682786299.53471, 'ctime': 1682786299.53471, 'gr_name': 'staff', 'pw_name': 'rob', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False})
+2023-05-10 15:53:00,389 p=46395 u=rob n=ansible | ok: [eveng -> localhost] => (item={'path': 'labs/OpenVPN_with_LDAP/client.conf', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 501, 'gid': 20, 'size': 477, 'inode': 3231532, 'dev': 16777229, 'nlink': 1, 'atime': 1682681063.1554656, 'mtime': 1682681061.5118814, 'ctime': 1682681061.5118814, 'gr_name': 'staff', 'pw_name': 'rob', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False})
+2023-05-10 15:53:00,395 p=46395 u=rob n=ansible | TASK [eve-ng-lab-test : OpenVPN_with_LDAP: find all *.config files in Lab] ********************************************************************************************************************************************************
+2023-05-10 15:53:00,417 p=46395 u=rob n=ansible | skipping: [vyos-oobm]
+2023-05-10 15:53:00,425 p=46395 u=rob n=ansible | skipping: [ovpn-server]
+2023-05-10 15:53:00,427 p=46395 u=rob n=ansible | skipping: [client]
+2023-05-10 15:53:00,432 p=46395 u=rob n=ansible | skipping: [ldap-server]
+2023-05-10 15:53:00,617 p=46395 u=rob n=ansible | ok: [eveng -> localhost]
+2023-05-10 15:53:00,622 p=46395 u=rob n=ansible | TASK [eve-ng-lab-test : OpenVPN_with_LDAP: copy all *.config files] ***************************************************************************************************************************************************************
+2023-05-10 15:53:00,646 p=46395 u=rob n=ansible | skipping: [vyos-oobm]
+2023-05-10 15:53:00,656 p=46395 u=rob n=ansible | skipping: [ovpn-server]
+2023-05-10 15:53:00,658 p=46395 u=rob n=ansible | skipping: [client]
+2023-05-10 15:53:00,664 p=46395 u=rob n=ansible | skipping: [ldap-server]
+2023-05-10 15:53:01,034 p=46395 u=rob n=ansible | changed: [eveng -> localhost] => (item={'path': 'labs/OpenVPN_with_LDAP/ldap-auth.config', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 501, 'gid': 20, 'size': 241, 'inode': 7385173, 'dev': 16777229, 'nlink': 1, 'atime': 1682687502.4956439, 'mtime': 1682687500.6057715, 'ctime': 1682687500.6057715, 'gr_name': 'staff', 'pw_name': 'rob', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False})
+2023-05-10 15:53:01,040 p=46395 u=rob n=ansible | TASK [eve-ng-lab-test : OpenVPN_with_LDAP: find all *.png files in Lab] ***********************************************************************************************************************************************************
+2023-05-10 15:53:01,063 p=46395 u=rob n=ansible | skipping: [vyos-oobm]
+2023-05-10 15:53:01,071 p=46395 u=rob n=ansible | skipping: [ovpn-server]
+2023-05-10 15:53:01,074 p=46395 u=rob n=ansible | skipping: [client]
+2023-05-10 15:53:01,079 p=46395 u=rob n=ansible | skipping: [ldap-server]
+2023-05-10 15:53:01,259 p=46395 u=rob n=ansible | ok: [eveng -> localhost]
+2023-05-10 15:53:01,265 p=46395 u=rob n=ansible | TASK [eve-ng-lab-test : OpenVPN_with_LDAP: copy all *.png files] ******************************************************************************************************************************************************************
+2023-05-10 15:53:01,289 p=46395 u=rob n=ansible | skipping: [vyos-oobm]
+2023-05-10 15:53:01,298 p=46395 u=rob n=ansible | skipping: [ovpn-server]
+2023-05-10 15:53:01,300 p=46395 u=rob n=ansible | skipping: [client]
+2023-05-10 15:53:01,306 p=46395 u=rob n=ansible | skipping: [ldap-server]
+2023-05-10 15:53:01,674 p=46395 u=rob n=ansible | ok: [eveng -> localhost] => (item={'path': 'labs/OpenVPN_with_LDAP/topology.png', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 501, 'gid': 20, 'size': 40891, 'inode': 7535943, 'dev': 16777229, 'nlink': 1, 'atime': 1682894454.9541955, 'mtime': 1682781250.8242838, 'ctime': 1682781303.849814, 'gr_name': 'staff', 'pw_name': 'rob', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False})
+2023-05-10 15:53:01,679 p=46395 u=rob n=ansible | TASK [eve-ng-lab-test : OpenVPN_with_LDAP: copy ansible log files] ****************************************************************************************************************************************************************
+2023-05-10 15:53:01,701 p=46395 u=rob n=ansible | skipping: [vyos-oobm]
+2023-05-10 15:53:01,708 p=46395 u=rob n=ansible | skipping: [ovpn-server]
+2023-05-10 15:53:01,710 p=46395 u=rob n=ansible | skipping: [client]
+2023-05-10 15:53:01,716 p=46395 u=rob n=ansible | skipping: [ldap-server]
diff --git a/docs/configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst b/docs/configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst
new file mode 100644
index 00000000..0322b301
--- /dev/null
+++ b/docs/configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst
@@ -0,0 +1,265 @@
+.. _examples-OpenVPN-with-LDAP:
+
+#################
+OpenVPN with LDAP
+#################
+
+| Testdate: 2023-05-10
+| Version: 1.4-rolling-202304280615
+
+This LAB show how to uwe OpenVPN with a Active Directory authentication backend.
+
+The Topology are consists of:
+ * Windows Server 2019 with a running Active Directory
+ * VyOS as a OpenVPN Server
+ * VyOS as Client
+
+.. image:: _include/topology.png
+ :alt: OpenVPN with LDAP topology image
+
+Active Directory on Windows server
+==================================
+
+The Lab asume a full running Active Directory on the Windows Server.
+Here are some PowerShell commands to quickly add a Test Active Directory.
+
+.. code-block:: powershell
+
+ # install the Active Directory Server role
+ Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
+
+ # install the Active Directory Server role
+ Install-ADDSForest -DomainName "vyos.local" -DomainNetBiosName "VYOS" -InstallDns:$true -NoRebootCompletion:$true
+
+ # create test user01 and binduser
+ New-ADUser binduser -AccountPassword(Read-Host -AsSecureString "Input Password") -Enabled $true
+ New-ADUser user01 -AccountPassword(Read-Host -AsSecureString "Input Password") -Enabled $true
+
+
+Configuration VyOS as OpenVPN Server
+====================================
+
+In this example OpenVPN will be setup with a client certificate and username / password authentication.
+
+First a CA, a signed server and client ceftificate and a Diffie-Hellman parameter musst be generated and installed.
+Please look :ref:`here <configuration/pki/index:pki>` for more information.
+
+| Add the LDAP plugin configuration file `/config/auth/ldap-auth.config`
+| Check all possible settings `here <https://github.com/threerings/openvpn-auth-ldap/blob/master/auth-ldap.conf>`_
+
+.. literalinclude:: _include/ldap-auth.config
+ :language: none
+
+
+Now generate all required certificates on the ovpn-server:
+
+first the PCA
+
+.. code-block:: none
+
+ vyos@ovpn-server# run generate pki ca install OVPN-CA
+
+after this create a signed server and a client certificate
+
+.. code-block:: none
+
+ vyos@ovpn-server# run generate pki certificate sign OVPN-CA install SRV
+ vyos@ovpn-server# run generate pki certificate sign OVPN-CA install CLIENT
+
+and last the DH Key
+
+.. code-block:: none
+
+ vyos@ovpn-server# run generate pki dh install DH
+
+after all these steps the config look like this:
+
+.. code-block:: none
+
+ set pki ca OVPN-CA certificate 'MIIFnTCCA4WgAwIBAgIUORUZbBsuy0QupoJFJgXenSJ9AQQwDQYJKoZIhvcNAQELBQAwVzELMAkGA1UEBhMCR0IxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAcMCVNvbWUtQ2l0eTENMAsGA1UECgwEVnlPUzEQMA4GA1UEAwwHdnlvcy5pbzAeFw0yMzA1MTAxMzQ5MDlaFw0zMzA1MDcxMzQ5MDlaMFcxCzAJBgNVBAYTAkdCMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQHDAlTb21lLUNpdHkxDTALBgNVBAoMBFZ5T1MxEDAOBgNVBAMMB3Z5b3MuaW8wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCsL2Xui58HXpl+jreqRxYfNDx1ER7umJ0iPw2dyBuJhP1Hy7vlwyZRvdRQd2AexK1BU2lTkYMWh58BU/dxmnnVhfwr34wUYP6Cs10tKhOxTNj/87wfCBU1sCfvO77lPSNP9q/Ad7ZCF3K5Aruc6yO7i8Kx5mR9wysgNaVQQWCsZHKB91ZsviIsK51rVYNxF9WDxAP0Ms0pO/faSAFf70JbMG2jvRTAgQJ/+R+XXB/Rvg3cJrTYeSeFn+9len5N4HQgraw3tq/OLePYaZBew7a+GZ7YRsVdJbwq2Ch5lRN/jZxAyv4WJoMNEGJvb5I8pj/F3ECg6NcEmXaSnRXIO6eaq1v/huIsxNnWT9ns+/JB7OBDmZ88iMKP9z37X/AMwLKhcqjMGE9tR8zOMld2vqNgk6bhBzz28WJ6FT3bI30RT2fq+mnvS7rVFVyCMlruRg8jIkwa0sictXsO8rl+5i1L+44DC+L7YIlGykAMhc+V1AD3nXRz6sQH6O8Esr5hS2t3zEjcQ/jN0amlAKs8KLPaYh+Ui0E1gx0H7wGfVEVQ48IweIrRrZ0h9BG2i/9eHaM0kQjUP+I+P00dP6LdOawLWhzNQ8+9ES+1EAP088XpKK4jw9m+o6goqaLqHN0QBrfW8wSyMFE4wYin3dYGcykWqyx6Up14DGbF0iBCKSRVQwIDAQABo2EwXzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwHQYDVR0OBBYEFG1bKeDc0O/cCwaarX59BCMSJDujMA0GCSqGSIb3DQEBCwUAA4ICAQBWI+p8tBzy6CO8ImP5DBQFwnVBv+6T59na2JrEq7nZk0aBITWh9PRp5w+ZOe+cL9jHZEJNoaSjq3/bkF/CSKCIoa0YiZX/MAs4d/EnttRhcudwgTbE6q0tIKDLlxoYI0Gpo7j48W1rPd0FKAc7igy4eQKOwDmqqG9gVmNTyyrT1pVvaic7Ok/c1QmVOEub0f7kW2EA4Zk9+HUVGHYdp3WfOX8QCI5nTrAO6YJrw+d1BUly6krnb7NWDkWarJ51e6TAR1dz4zp++jhNVssEHbLQyA7+HzWnRSbxYndxCPBnoXjQRwx8/3uUubj9l3CDIb1424D0sm8TNslhElD41/Ir1uQ/RRt15O1CKQJg6mpvDtgrOik+vpUMqBDYGQ38XgqzHYV1klCjo5NlNP33TRvlQe9B6LtxzBZvoxBfxYDIheSRdPbKP8DEHZ6z9d0d1Ubo/waExlcrUfBt4bbxNebsx9nuvVl8hl0R0iEInMjN3jaPrSrUEsPcXpBVL+VhzuWG7zTfGGUVIB+5UC/VCiFP+9LPqsfgBvXKIfIlj2dbLJOsoxZrJtXq7Jvdn7NqFo7vR0hw+YIzmnCFAGpTx6yuWpjuf2y5dY48iTfMuP2vUoGRxoO+8wFQONj4psAD524SnOpEwYw+3fuw+P5zC6hT9y4XkZKsEnu6nJjB8T0BlA=='
+ set pki ca OVPN-CA private key 'MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCsL2Xui58HXpl+jreqRxYfNDx1ER7umJ0iPw2dyBuJhP1Hy7vlwyZRvdRQd2AexK1BU2lTkYMWh58BU/dxmnnVhfwr34wUYP6Cs10tKhOxTNj/87wfCBU1sCfvO77lPSNP9q/Ad7ZCF3K5Aruc6yO7i8Kx5mR9wysgNaVQQWCsZHKB91ZsviIsK51rVYNxF9WDxAP0Ms0pO/faSAFf70JbMG2jvRTAgQJ/+R+XXB/Rvg3cJrTYeSeFn+9len5N4HQgraw3tq/OLePYaZBew7a+GZ7YRsVdJbwq2Ch5lRN/jZxAyv4WJoMNEGJvb5I8pj/F3ECg6NcEmXaSnRXIO6eaq1v/huIsxNnWT9ns+/JB7OBDmZ88iMKP9z37X/AMwLKhcqjMGE9tR8zOMld2vqNgk6bhBzz28WJ6FT3bI30RT2fq+mnvS7rVFVyCMlruRg8jIkwa0sictXsO8rl+5i1L+44DC+L7YIlGykAMhc+V1AD3nXRz6sQH6O8Esr5hS2t3zEjcQ/jN0amlAKs8KLPaYh+Ui0E1gx0H7wGfVEVQ48IweIrRrZ0h9BG2i/9eHaM0kQjUP+I+P00dP6LdOawLWhzNQ8+9ES+1EAP088XpKK4jw9m+o6goqaLqHN0QBrfW8wSyMFE4wYin3dYGcykWqyx6Up14DGbF0iBCKSRVQwIDAQABAoICABBB3L90WlxmmlqLMhyMirJWixtzNYxJ8j2As5HsChbmwh1XHKjEehKUuFOtTxuImWKGHsyU/B9n8w474IH5l7rz5CE7rFe46BRCHYWSp/pWav9mWCLxRJi68az9DfifWFKyqYR5fnFovQcVPXlC8FmYXWvQ+OMGRu+gcQ6N+wk75giPEw9rDQHw+kjfRuz/gZmSgTG7jDMc+47AvAnT/DFs9fp+81MmZdcxwpcBdpWl+rFdzDcg3/zrYr3zngekrizvCPLXt8C2r4EdnSkoFHyIIb8s63HwiqmG8Edj2SFIJx0tArw9AE7+9t8BAKSOU+N5eMwDQANUqWU4Gg2Q/bGNX7G8E9nm4/DvGarNjSitVaLeLeJqLxSOz2jmCq1rvi92m4sY42kAhM8JXTfN5KnZOF9TUumm4CbzO1zuP/E8QFQZL2BJCpYKIKJ5fNjDvHMSehodGxYV3nbmfNqQpFq1I33OwDteJf6mjEZVrbF3CutM0+lDXeR+Vhp/6MeuDC4FJ0ZF2Ixpw0o3OBn9Yb808TwAmLgFGycTD1OFujvR0K30fhwJ2HPkUnQmErUWjuCZ/qlohmX7RM3ffioq7LyeeHeSykwrd4v2BJjW711lLvnp1Stfj+xLO1RdbKjh6q8TxJj9+NHAvVguPVNGkvs5o2UAfE1bvFDCd1mSBxFVAoIBAQDTMXs6xE/RcSlecV544Pq0NRYMidO3M2cqox19vxSJf1U2AyPYD5SHeDwyAwMP6cJ4kd8rK4yoXWruKpNSt7BAvy0q0TWBjFsbTRH6aPsE1S9hyIXj3GKoBt6j1SzNiIGsU5V+t0c7JTTCbxnvRNfhFth7Kqymh/37NIDm+iE/HILA/yBfafvQF/a3HsmwdkcvWiZLNIVYMGZsn5G1eNfJw5M7m/15qYBDf6iV2bCuj+VowIDLHh9jGyNyxJ0u906De9w/0wiD50Bm8G31W5dIsz9UzBHBKwTe9Ubnd4cearxqpi0Zc7EBSNJExR8FGeQJ/5QFGWabKLm0VzRbBbHfAoIBAQDQt0WfPgQ5Gw5bfpyYygNi2snFSkkFkf9Ch2SOhWrTLGhmFlhBTdd4wjIUyNKuQe09keKhPBrMc4yMLmSQZTKocry2ydzOqXFq+ECWhVixvbp0nFpH1ClMh5EnabbLcOAQdZyysy7/Lt//L7pKTpFuJrk9TxAzLRa5QG8tussJMNC0xJxCYc+rZ4087JCxOFEwbCArIIqqLQu3CEmURdroniNybHIArAyPyHkbEDvEusuPU/uk7jc94djbM6s2BN9Y8gOWbw7K+swm0NCUH5pend1OHIMlI83SfEjCjFzwrRl+VhcLjRhCW9UXUV36LI1hQ+c9FfGSKPY7oyRu/LEdAoIBAEO/KLeWR8B423tnRJXkHaf3K4aEI/0tqRd9UbWHuS/OP+heo33oqY23XR/x5WaSZwbETGGNy8YqiWWzFKVBNXHfob6Nc+uFuagNVgoM6REIzfVBHOoWRTN/WKYXeRLJikdcXKVUZ64qZj1E5H3jiJi0+mawLsgQ8cFGe18ct9OF8s+0R48z8Uo0lbjyUGKh3n3rHkObqna6t/B6U4RyKk6XxUAm7u27GOEOL2c6eLnWgRHURrxhglIJX5quRXnObUoyTlnO+XlOklMzJyLA6cuxbExoVf2wLhTTe5Y+uoJgXOadPfRfL1WpJYJX9XZucr9eU/46wrZdHw0huDLGpeMCggEAWgwoMor8IXMl352hjF3j1huU39Sr6oZRve9SGBdBvngzVpAfZZVi+Eu4dbUrCFmTNHQjdfLLkRftNHGzm4S9tWVDPA2dgWAjecY/f3FqkczMjBEE9mZ3pvf6TSnT3rQFR7SmdYbPKPOdWqjJ09NP9VkppGTfFWVHn4dIME+d14pDESqeTBmNEmNr0TQzPPKSPLT5sAGrMb6bhk1CCYGV77SCkJRvHxEbnlEcxutbDgaVWnIeaMsJ9F3jRLdnD7hMcECCAb5KgJJxz/FZe/6iiF3NpCyy/CwVWdGbRqxuULwt+o7EBIzMQZ0DM7s8M3pTSPqV4on8HlYj3hkF2AiXlQKCAQEAl/1xRGHZ1yGkX812AVfy4tZaPImhGcM3tQdBvfAIuEWb6veoBC50BoCO6hyO5yEHQWWniSDcueIUNJuRxOHES+UUV0c7JtI5BaTUYiMuFlYoAJoUann9fpMnxRdKKvWNyVg/j4cLjO5jcYVLfQAPGujJyPAPlWvNZYSuRHcIWs+bX1hsv26047gAmOHlxkvgQicD805AX9G02pHTpoYF436HCSneOrUm6z3xKbVJCKsAGgYch67R1rC9Z8USLRB5mKZ8G8LPQRKjgW5bFM8oDUbmcmy56LKQeOEqC59LGClEWoYyR6vMQBXPg7de+2zzQyh+zk1paXHc+s3p4vc7dQ=='
+ set pki certificate SRV certificate 'MIIFtTCCA52gAwIBAgIUZJNkauiY/nr9YRSXB0LGtSaCay0wDQYJKoZIhvcNAQELBQAwVzELMAkGA1UEBhMCR0IxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAcMCVNvbWUtQ2l0eTENMAsGA1UECgwEVnlPUzEQMA4GA1UEAwwHdnlvcy5pbzAeFw0yMzA1MTAxMzQ5MTlaFw0zMzA1MDcxMzQ5MTlaMFsxCzAJBgNVBAYTAkdCMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQHDAlTb21lLUNpdHkxDTALBgNVBAoMBFZ5T1MxFDASBgNVBAMMC292cG4tc2VydmVyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsSiZK5zaOJrtCiWAsQFZaGtbAOM4xzfwW871A/p1cfmEsQ2sso71TVY6j2VHzN+LyZe8nfyUK+tTx0PrkoHaH3e2S4/3hqiPFhedLXffjMEqEfTfYjNLyzFc6Zfmez4UB+ehLlSWlOkhqIUTiWVz7HyI51C68vYkH7jpgkM8AZta98F/SbgvViFZAcrq3Tq8zO/lrd9/8heScYAgmBLxklKXxYW2GDwBFOnbITz/nFSgg8w+Y3pDPOnXe7H0aufI5GK8SvuxNK2Is8g3YvyF9UQwIJPZYy2Pn8Av5i/GHZC0qu/d76+18OdrXELC5dSCyGfqj2DQ/SJXPqlgwgVBqPcp3lhoycD68aGf+uedu6aWUldglYlij8ubxIL8kHnJK32MDoIGq5wDwdKBmknLkt+ja3uOG+9lyjbh40im+u2efkzK0cVBfJzOQQhs0cSbWSjhebsvzFZGg6G3gGhnRo13s2DVJJKm+5VruUFxmRRgTM3TpKz/YZHvtapfyOiTs63ezG/OR1pUk1u2HuFDmfbY4ytAWkJrjK1R9ap9p0t9QenXgHAzPd/GudYnJ3FS0SUrjWswbg5HrhZupjvP3X04pQ0LRfU6VimykyXBeP2qd2wPDGywIQmGG+O0lnWo4GZcwHbFJOq/eGCvMFMWlY+Wvc9bPCCgsFOcn8aM34sCAwEAAaN1MHMwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwHQYDVR0OBBYEFFnsRTERh8wQZAHlQE0cvQgINyHmMB8GA1UdIwQYMBaAFG1bKeDc0O/cCwaarX59BCMSJDujMA0GCSqGSIb3DQEBCwUAA4ICAQCY/ZezExvFSXU3Y+vKHlL9AJp25yaVn6MdQmpX/YTM19HQcL64MP2M0uMTUzi0OlG7WP3Ka5wYH+3R++4VLPqygZ5DArFxtv34matKQVTKmf3S+0iVReLqyFBfTlvHBXXce+ksOqyHrg9B0teND7wNmpbL/Dzg41jacZTeWAY+8PShDY5wVFfp3MJt1Lm19nNcMbe/hMeffBY2CQgGx3Lp7YQepxwGhTxf/w2kNBjVUXkXqIGNc9/cQMU+HWnMGTMa1XREXAH9dSM7ME2JD/HKIPNgVkQuXs7AsGCbCTrXfIjEv7/4uSE6cMM/0WoU/Cj2gddnLsHcsrBu0WfoRbeR6+ZCeoDDz5ZRnGkkOXFldRswZRun9gh5MMjcHw3y4zeGm8YwxIDA6GzE03D8ROFrFiCHqylkCy8kSP/B0Uw5Nu8WuQPN6RfX90RMKf+BwHdipqL1g30ILgy6yZ2Geb9zJfwGoN0w1IKesEubJwAXp1iyujwPH+QvvH3HK0p83hyiHpkRqKWs6xTEPdtlDEf+w6bKO67yySIpdSlBGopNmG/1Y5gXheMcIUu152VuwJRxdyld1RmN1vG/5UWZqwO4XZJ8CUO5VWMDtCOOUOIezuquU0d11Lj0cj/bKnHcW6V7YUIWazgJLnrA9aYVfN5ErKWPK+ceQeLf6mhStwLcqA=='
+ set pki certificate SRV private key 'MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCxKJkrnNo4mu0KJYCxAVloa1sA4zjHN/BbzvUD+nVx+YSxDayyjvVNVjqPZUfM34vJl7yd/JQr61PHQ+uSgdofd7ZLj/eGqI8WF50td9+MwSoR9N9iM0vLMVzpl+Z7PhQH56EuVJaU6SGohROJZXPsfIjnULry9iQfuOmCQzwBm1r3wX9JuC9WIVkByurdOrzM7+Wt33/yF5JxgCCYEvGSUpfFhbYYPAEU6dshPP+cVKCDzD5jekM86dd7sfRq58jkYrxK+7E0rYizyDdi/IX1RDAgk9ljLY+fwC/mL8YdkLSq793vr7Xw52tcQsLl1ILIZ+qPYND9Ilc+qWDCBUGo9yneWGjJwPrxoZ/65527ppZSV2CViWKPy5vEgvyQeckrfYwOggarnAPB0oGaScuS36Nre44b72XKNuHjSKb67Z5+TMrRxUF8nM5BCGzRxJtZKOF5uy/MVkaDobeAaGdGjXezYNUkkqb7lWu5QXGZFGBMzdOkrP9hke+1ql/I6JOzrd7Mb85HWlSTW7Ye4UOZ9tjjK0BaQmuMrVH1qn2nS31B6deAcDM938a51icncVLRJSuNazBuDkeuFm6mO8/dfTilDQtF9TpWKbKTJcF4/ap3bA8MbLAhCYYb47SWdajgZlzAdsUk6r94YK8wUxaVj5a9z1s8IKCwU5yfxozfiwIDAQABAoICAC+4fWX7lua3iNF6X6uObvyLKpTXICS9wz+fxG1BaqB8c4tT4SiqDJa7+wNEZ25e6yMu/e5aqrkX51XeTFcHJm/iidbZ3XXG8uAjFUI5r5yVLdVvbjrgEXMXBW2g7sNU6gVlFgxKWdOb5uajjistCmhx9VjF7M3kkr9+ylu966yNIhhp5XVAqXOcgQLUG6bjGxdjKa3H7gmS4u4y8tS0CaF+IQbiaTYm962f/th5u2rret91xXp7ZSBD5zkZKvsfG4S1uf3Cxa2obxHqhUzjM9xo9UPZP64RCEaieOSbCtVM9PW0rkZRwQM2+zr7es95Co+cOllL3Y/KT9D/xCIPU2uSrVisdqi3TPHOn96GOlYvenIMsIauuR1KI2Ai9H380xVdFUv655eJZ5ASIosr8AL9hOxZNV/VeYHPWajhSa+P6MFZx4jFeXIbxt1BioeL6izbmFdxTgYDAhjZGWw2irnBuIcM6j8r6xom0Nfa8SbTgkf3M4yjYk4MP+rkCW8jhpZMqcvQPpWCbq5HEgNIKBrxkQo87Rphocn4KuxZ70lTpPE/4iOABadqreLPYqp9VTd5bvApKCdFZdnF9DdoHUBpDbNqbj85W8E2WMCJBrZZfTUIV05klQ0JM1cbQXyRz1BwhvuGDxEP2nQRQYbWeBfbDg0tXBuIwOZqIp9Om/kVAoIBAQDEwjW8YDAjKbgOvcd18pGG7E8xB6s0Tpo3AKvOezg4Z1yWeCx4eM6kKXxsHBAHb1fpxL0mkDusr0NgZyW4EuTl+EdQHu0i03YfayfLMSKLPtcqtamyPlCsRnHw6TdfblRfVk5URpF656M6fIKXokc/4yhYOCAWGHPQWgZpWeOlWtTMKRiDqJGO+VbRw8rNBcq5i7hnvH8ESLQrwS4EIOVvmdypod4UpML26EEfNKJD2zaMLaMMqbMGt/q/HUIcB+PRgV0oaM4HB59DNrdFbeZuU3PEXofU9uYFiv1MJzzfVPVBKjEXuqUDe0R5Op4K0KasdqQop5Oh55NxGxb1JttvAoIBAQDmf6c/xz1hjfOTGxZydgD210GVYEFB2EdZnn47TuNXOjPFk8FRva6qU6txezU7DmF356jE0NlAWgD6SoFtpqSKbrxrvxPjGHOYS3fXHD6FK9vlv3jqcoiQBPy2KP59wpkIpcQ+gKqgR/nfaWvfOb3IfqER6QtqvSxK5hInbj6xcZ32cCeSAEG0EH5Mh3DiMuctwZY/l1PKCvt0fn5N0KBvLMCTZBkqQcTL635yLMgDs0PtkKzf8k2FjCjkXZ4nYoQcZ41/bzfnxjitzGiSYp6V/Oq71ZKjjNyjEBOoFRXY1THVpONc1Afct2j54p74mKxcKZaGF2Df7xszvf3TgR+lAoIBAG95QIyLSnqBhmADsV/nn/97Hpq+p4apCcIjxTLkqMN7+/7b8wYGG7zyLCXr+EDeGka9ShTxHn4Fhfy2M66INdr8wRppixxyBbhjM1ZxbgrJ/YmbBpuPppEUEDXXS6Hrli21bgddO8sQNXBLXomeTROrFQ52LeeWzva6KmvBm7HxNiK9HcBp3p3MMh4B+YISx/o7aKyNJME+l6U6e2GnaZXC7DvHE1VKy5Krn0mYvl4Hcm4U5Q2lj2I9Ffj1EKFk7vOhgTAFwMRG0zp3Y3oYe7cB3NLiY76Ka2O0jTF6AYjeT10uFEZHXnoMeozcYvHpqKSJSxQlbQULeINaP7WA4E0CggEADy4A+bZJWI9cpyd1hvw2fAsZCplYMtnneQNzFLzRRAFVP4HHjXaMdjMka0jN7KG50Ye0GaIXbKGAxvr5IxuCYouAZSgkSyRlGHZ/4e6+P07wIGVHtUjtrW5mpih0+htCsMsZ7XPTyNJ0pj3vGLhYw0dznBZY5iKnNBeKwoYEIvN0j7I7KOZTbWRYrPmOeZcYmm7RUkbJAdlPThC2iLFgn3G3DP3emmXSbAuKPEKuuW+o3ZBVkjoG2PCuELwJmlZmlOhM7UOJzv3C5c88Y8eS4hXR76TVD2hLb4GzibI5yhngOk2tm4NrMSHzC+Hczkpfr4Ido58OhjDc/b9ZZABw8QKCAQEAlJNCdC5rFwg7AoHfobbRnpYjs+avaLUj6EV0AAqbSFM3+o3UVOxRGkbHqLm4DqcRRyMoRXxgeKFx5dInK9rrVGRaoTzE7c/Atp2N7SXgodz3jrcPhTHqF1Z4eBjbwvNPumYK7N2U8PtV4OTvihUSpPRN0IgPuGvo9OFVuKenag1rDu1pZlxOQ2uuiostAkdZ6qS45tf0rjCjcpq1DYqgVm785GXCgBMZATZyLzg4nhDpoKWIZevFFCek1CAO7s9X1kHUin/uDutX/lvWMed8TpP0yD7IZ6yh3CYD2Nus+8P3Mla6lMrwyY1VJzq7wXGr9P6u47tUcCgjyRT24EHjlg=='
+ set pki certificate CLIENT certificate 'MIIFsDCCA5igAwIBAgIUXOnWUTwh0zWkUX+LTlftlfkEGqAwDQYJKoZIhvcNAQELBQAwVzELMAkGA1UEBhMCR0IxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAcMCVNvbWUtQ2l0eTENMAsGA1UECgwEVnlPUzEQMA4GA1UEAwwHdnlvcy5pbzAeFw0yMzA1MTAxMzQ5MjhaFw0zMzA1MDcxMzQ5MjhaMFYxCzAJBgNVBAYTAkdCMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQHDAlTb21lLUNpdHkxDTALBgNVBAoMBFZ5T1MxDzANBgNVBAMMBmNsaWVudDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJgTHdmee0dFlbohSBF+Xy8XjWpCKnfXGNgr9JgU9+lzQ8SR+Z83XcRocvJXasSf4gDZK05pGhyXTx9KzTaYAZi1ZCK4pZ1fXZ+TdHgThLdLW7h/xDF3WU0omydCGiBkua3kldcRfhPnBYrWZwvHkeUOYNybRezM/fIGpnp74+YBXybGZ8YRLmRhc/j1QDJt0DLvVxfb6YkfU/vuSLnPtu40Ye/EsOhuPcStC9Mmctxx3msZH417z2wWQNvY926ZUQCXophkkhNA3kxUcz+gdV5ECCO+KPa7r305olFgv7c4KSNih7MmYBEyKMS7pA+CF9etEJs3VmHT9avGtKvDMW8XhoqpxTWQ15CNaEFGTxCejPuI+nFCoqtAN9Y9O/A6rsLuM6EuaDX2qjSUfDMnUVVclE7yL8JDZEOQZw970Mi+TnhbXfYEyvX8HJLk4Vg2JUc67jTDRiQfgWuJHiaPyrYX2ssP8LU/oOis638mHo+7YpJCSeqF0R4m6lSiQJNOz8knawp40Uu1iA9RqQrYT8MRt2quCRn2aUolvRmNB4dHS/2TUdHChBdDxylLzbFtZLkCiWwKKNvu3ZjxMua2AjYe904r+S4duow4MxfKUFsoMY6GlscGeReMXJVVx2i+580wF/tn+3k/9PUS90FoFhQCidfxib/Eo4rOT03awPGBAgMBAAGjdTBzMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMB0GA1UdDgQWBBTTt3dGY9D07BI8V/0QmVI25bC+gDAfBgNVHSMEGDAWgBRtWyng3NDv3AsGmq1+fQQjEiQ7ozANBgkqhkiG9w0BAQsFAAOCAgEAKz+MT9JlvwUope8xrUuf+6s/fyiAvmQfGOAN6aBVyxO1+ZIAau6CXGJ9/MaJKF/Ju+V2zTpBVz2bFNxPHceY1z9rtQb0l+CG4elcsQY4vhouvDH+HoI8rP/jzFD25zsUmAlMaTZuLWU4WnVT2WhO5X1GZFKl5fT8ulyLx3rcb/CaiC6Kg+yi/tktFgpyWyjTMSVp9QBGYRudKVwKx585nb5a5Z+uLYBmYcYrRQvLWSQKGLb84qE8gOfek47FZCfoh7rlLpt8prFIW60xEarR4Ul/1xhs+2AqMw3mHuQrIxJgHvKoQHBkS/RadsRWglWasE0qm09BtoLeso1hZIXO2O830jXOYEZEuhE63iIHxBZUEUpurXt6he/IBL1l8UuRM6ArHtDo2awlnWlLUz34e1pSzLAtSfS9Iop+zxt/UDQtMCW/a2MQGB7m/kgCtICC0p8QsuGa8k/+SQOtTI1VAj/dJ2O5XFhfFYgDtT/XXa6o3nEmWW+KTtggcvGIyP0Huxq+6ShxrwKkXI0nWVffhVafcIkJnsUYTJu+Cx4KpilKV6+lzRQhK7UHfS0hErs0UQoZA4Fpz2uWukNe2fezl0IJThWPklGKOYriZyKb4i81i3occ1+9YpzKUrBD2ZI+t0Exp73/cfuQbiCOiIu80S44myiZMfD2OPvjR0lBSoE='
+ set pki certificate CLIENT private key 'MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCYEx3ZnntHRZW6IUgRfl8vF41qQip31xjYK/SYFPfpc0PEkfmfN13EaHLyV2rEn+IA2StOaRocl08fSs02mAGYtWQiuKWdX12fk3R4E4S3S1u4f8Qxd1lNKJsnQhogZLmt5JXXEX4T5wWK1mcLx5HlDmDcm0XszP3yBqZ6e+PmAV8mxmfGES5kYXP49UAybdAy71cX2+mJH1P77ki5z7buNGHvxLDobj3ErQvTJnLccd5rGR+Ne89sFkDb2PdumVEAl6KYZJITQN5MVHM/oHVeRAgjvij2u699OaJRYL+3OCkjYoezJmARMijEu6QPghfXrRCbN1Zh0/WrxrSrwzFvF4aKqcU1kNeQjWhBRk8Qnoz7iPpxQqKrQDfWPTvwOq7C7jOhLmg19qo0lHwzJ1FVXJRO8i/CQ2RDkGcPe9DIvk54W132BMr1/ByS5OFYNiVHOu40w0YkH4FriR4mj8q2F9rLD/C1P6DorOt/Jh6Pu2KSQknqhdEeJupUokCTTs/JJ2sKeNFLtYgPUakK2E/DEbdqrgkZ9mlKJb0ZjQeHR0v9k1HRwoQXQ8cpS82xbWS5AolsCijb7t2Y8TLmtgI2HvdOK/kuHbqMODMXylBbKDGOhpbHBnkXjFyVVcdovufNMBf7Z/t5P/T1EvdBaBYUAonX8Ym/xKOKzk9N2sDxgQIDAQABAoICAA4nLuhOc620TOHn1nCEwNbXcjQfi7R5VcwXxymr2RvzO/oPr3PBPN5Nh2+FC20L1J/i/KdNaJgDMvw4EEI49ZXg2wlqNhIGSpnSQnNcaaxML9fLa31CqZJ6dkbtXXro6BwsqA9Xuh9sqQ585rxpBFIVIcmjDJs9w5KVsNyF92jnQfpDWjjlgQ2BjlmiRY+/IMwxi/r7kgM1FOVfWon3sJ0AGtWsPUSpSEfFTR9UUDmyjt8lYiASRw5WdQ6g5WJExyeiQe69FjIDH803Yz4Nym6NliGLDjGF646tevnoFaxqsyI8BmITbu4BK48nrkMG05fUeQIURw6Cu5xf7JE7Vzgy7mBwujtkEuRmXz9LsJTaWt5I/sXDUh0Uwe0BGYj5O+8MB7yzQFBjhv6pLJZdySSVgSlmupbwtY2BcV48KuvPkzKngHXR8jA6p8XAQV2Xq2njQLsOKJrgEhbIp99h61ao5K6gtW056hSN4q01YA00JQZGKZRviUOuQGP71SNDPCl3uvvElVwBFtfEYV12VzFKye1fF2CcRThCEML91Qo/IueqrNEBVQHxnCO7R5uwKSkXZNJ5pNArMsAdMfLzXApDF3Dcctz/C9I0RG18EdtoW4RjPxEZ1wXHGVkvCpUCwNImsvxWOy78klnfEUyKtOCMdnn1flp0CiZzjGAMSiGbAoIBAQC9ZpY4XZ4v68KnaHyiqKjNQDU64wrONGK1XrMSwOl5a6Cg8S3n3d51E2AguFKilKZ1LJ721WGdEIO4+J9nFKvXYUSCl711cCh+njyaE3a9H6louFVZ2X3NxjLUSJtqUyBEOE/NzNxhTt9BoiiR3cKUmhLLlYkHmLnqBv3jw4Trl/rU3rDemAf6zOB0eXKM946qjQpfB2LsokCWWsOhnT1XBcSEvkHvSrWv4EH/6IDFAROBGtlCW2C8BiosRdpj8thsdnW1lvGAvHs27nLMXz3/NNBX03dlA8YRaelml0EDo0IwrXI7/u4Zy8wL3gfn/NPr0ST3jXz9K8nxvohPxwcfAoIBAQDNjIZs/HT6Y2rTMH++rC3ZNfLUm/3aNsVl1TB8nkEvfBQHU5HEyqqeE4d/b3+7bRwWhVpfNHLerMV8qNr8iAjvpeL5nvnmUPHLT0CpsI+wUvOlnluHGsCfyLWDNVBPcDL10scediYMkKGJGiQSbl355JbIrYxA5AgA7qUGcLQ7mGmwzXyJgmBMOJbDyYvoezh4iogWxC4Clh834UgmGWJp2Bi20VuqF00HClN+z1QELQN2Pu2SVK5XTlfXmuYHc3Bi1xvD2KaLyqT2BtWVRS9RDG0LOzgOAnG9Mx7SEtPAnRhpydx28HWEwGaFKas6QaIuDo92Blpo40ti2Yav4hNfAoIBAQC0m0SYDz2u+KQvuwVOnoII5zdbJfHB3FZcGSettGNus2EC17ksp3dgMM+zo9C41AM/LQOQ4L0qZvsUwZBPXXjX8xq/ZS7287LJut6TFgheI/kJsO1CtpCuTldd8raw1v+nzgLbfoSQDgP6tET3g33u8lUF6Vw38D0omu4z6NexSMWZg5kpSdQiJofKyZygK9jRbZj8MTD18WqhdX+jdyts9kUFR9/b7WP/iFunSfCw62vL6uxNyJEf+sjwWtP8BzC1jOiF9p/oYNMl+I9jr1aRK62YckAiBU00gchdWdJXQ7D0dhC+gURPOPUkQ99KKt9yuYcEwNj1GnKBoWyelm2FAoIBAHoj2bEjZuNudgjeVdpYd7oNm6kItJSZXT0ArJowc62ivkgIOaNFhpL+KdLoz27xC/K59RSDlwqIgaVstQvATgcRfMk11WstiDB2fIcY2pk9AXjVm6+xjuqjmnBIGtvJYQ6/3ABW1o861jIg7XRiTsdyNMM0lRXuKm9bX4ZvLDoJfCxKPol7hntkWPooZlGT/t9p+ioFEw4IZK6Q2I2DIf6hITZpO13cELJxSWIeEt+UW+1EwWjllt9cN0hvy+Z7iznAdsgukfCZTuK+9uWHQfGYP6ef3dQ9UZbKrLLJ6zgWYW5jO/UVN8/VgFX6h7vLSnKxxj+s0MZo4d/wQF99KGMCggEACAWOCIerQRC51zo8eXOB65mmpR0nX/VuWCZw4uIo5tVZ47JskPIH9MTyd/OLbHDa3esJjmZawSl0lI0j7p/yY+J9TEJyOCUU9PCDUw+BeJ39/VqW/fyBn8gI1cC3BnPkDf2HnbgHxaCP37sy/aHs7Xn/bNDaLksEDWDblFCQ5tYqGbZhxUNnsx2x3z/aYJVmx0lkKXSA+8rKeAk+OnDHUjlJjpRIcAsQJE6Ni+2cHbYygVPXiFbbKk+2ekNwYkhMZ+DP+t+uY5ZRfwq0jjIrh+5fyw26yG9PoXspGoqPCTcQ9BEqU88J6ziFrxWXbmsYdR1dnKCZXcKJVKqJIFCnyg=='
+ set pki dh DH parameters 'MIIBCAKCAQEArXG91W69LiDsmnDvXjXl9eJzEY0f/SLuipxqYRYdplgWbD3IQlMBtp66onNrb11ZVJa0jkddq3qJbJPZ4mTkb+wGH2bpdAgWx48k+c/JCBSF56NoAHLUhn/+UWHvzfOQOLYVJD4maTxWw4f9WlInANS/B/BQY+Z7zWuEX2F5dnBij5hlMHwgRxq86m4Wm3WNXyux4plVqtW0Htrm0Cl5m+SV04bDA4D5SK22hW8L4FnnPQmlzBb1nRdpolw6SdZKs/bgSfV2wGMfe3Yh0afdOLg5AI2sfgAl/7fCPOXUwaDuqSOkXAEnGqzD+XbuMdJ7947HMumODkOty5j3ysn/hwIBAg=='
+
+Once all the required certificates and keys are installed, the remaining
+OpenVPN Server configuration can be carried out.
+
+.. literalinclude:: _include/ovpn-server.conf
+ :language: none
+
+Client configuration
+====================
+
+One advantage of having the client certificate stored is the ability to create the client configuration.
+
+.. code-block:: none
+
+ vyos@ovpn-server:~$ generate openvpn client-config interface vtun10 ca OVPN-CA certificate CLIENT
+
+save the output to a file and import it in nearly all openvpn clients.
+
+.. code-block:: none
+
+ client
+ nobind
+ remote 198.51.100.254 1194
+ remote-cert-tls server
+ proto udp
+ dev tun
+ dev-type tun
+ persist-key
+ persist-tun
+ verb 3
+
+ # Encryption options
+
+ keysize 256
+ comp-lzo no
+
+ <ca>
+ -----BEGIN CERTIFICATE-----
+ MIIFnTCCA4WgAwIBAgIUORUZbBsuy0QupoJFJgXenSJ9AQQwDQYJKoZIhvcNAQEL
+ BQAwVzELMAkGA1UEBhMCR0IxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAcM
+ CVNvbWUtQ2l0eTENMAsGA1UECgwEVnlPUzEQMA4GA1UEAwwHdnlvcy5pbzAeFw0y
+ MzA1MTAxMzQ5MDlaFw0zMzA1MDcxMzQ5MDlaMFcxCzAJBgNVBAYTAkdCMRMwEQYD
+ VQQIDApTb21lLVN0YXRlMRIwEAYDVQQHDAlTb21lLUNpdHkxDTALBgNVBAoMBFZ5
+ T1MxEDAOBgNVBAMMB3Z5b3MuaW8wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
+ AoICAQCsL2Xui58HXpl+jreqRxYfNDx1ER7umJ0iPw2dyBuJhP1Hy7vlwyZRvdRQ
+ d2AexK1BU2lTkYMWh58BU/dxmnnVhfwr34wUYP6Cs10tKhOxTNj/87wfCBU1sCfv
+ O77lPSNP9q/Ad7ZCF3K5Aruc6yO7i8Kx5mR9wysgNaVQQWCsZHKB91ZsviIsK51r
+ VYNxF9WDxAP0Ms0pO/faSAFf70JbMG2jvRTAgQJ/+R+XXB/Rvg3cJrTYeSeFn+9l
+ en5N4HQgraw3tq/OLePYaZBew7a+GZ7YRsVdJbwq2Ch5lRN/jZxAyv4WJoMNEGJv
+ b5I8pj/F3ECg6NcEmXaSnRXIO6eaq1v/huIsxNnWT9ns+/JB7OBDmZ88iMKP9z37
+ X/AMwLKhcqjMGE9tR8zOMld2vqNgk6bhBzz28WJ6FT3bI30RT2fq+mnvS7rVFVyC
+ MlruRg8jIkwa0sictXsO8rl+5i1L+44DC+L7YIlGykAMhc+V1AD3nXRz6sQH6O8E
+ sr5hS2t3zEjcQ/jN0amlAKs8KLPaYh+Ui0E1gx0H7wGfVEVQ48IweIrRrZ0h9BG2
+ i/9eHaM0kQjUP+I+P00dP6LdOawLWhzNQ8+9ES+1EAP088XpKK4jw9m+o6goqaLq
+ HN0QBrfW8wSyMFE4wYin3dYGcykWqyx6Up14DGbF0iBCKSRVQwIDAQABo2EwXzAP
+ BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEF
+ BQcDAgYIKwYBBQUHAwEwHQYDVR0OBBYEFG1bKeDc0O/cCwaarX59BCMSJDujMA0G
+ CSqGSIb3DQEBCwUAA4ICAQBWI+p8tBzy6CO8ImP5DBQFwnVBv+6T59na2JrEq7nZ
+ k0aBITWh9PRp5w+ZOe+cL9jHZEJNoaSjq3/bkF/CSKCIoa0YiZX/MAs4d/EnttRh
+ cudwgTbE6q0tIKDLlxoYI0Gpo7j48W1rPd0FKAc7igy4eQKOwDmqqG9gVmNTyyrT
+ 1pVvaic7Ok/c1QmVOEub0f7kW2EA4Zk9+HUVGHYdp3WfOX8QCI5nTrAO6YJrw+d1
+ BUly6krnb7NWDkWarJ51e6TAR1dz4zp++jhNVssEHbLQyA7+HzWnRSbxYndxCPBn
+ oXjQRwx8/3uUubj9l3CDIb1424D0sm8TNslhElD41/Ir1uQ/RRt15O1CKQJg6mpv
+ DtgrOik+vpUMqBDYGQ38XgqzHYV1klCjo5NlNP33TRvlQe9B6LtxzBZvoxBfxYDI
+ heSRdPbKP8DEHZ6z9d0d1Ubo/waExlcrUfBt4bbxNebsx9nuvVl8hl0R0iEInMjN
+ 3jaPrSrUEsPcXpBVL+VhzuWG7zTfGGUVIB+5UC/VCiFP+9LPqsfgBvXKIfIlj2db
+ LJOsoxZrJtXq7Jvdn7NqFo7vR0hw+YIzmnCFAGpTx6yuWpjuf2y5dY48iTfMuP2v
+ UoGRxoO+8wFQONj4psAD524SnOpEwYw+3fuw+P5zC6hT9y4XkZKsEnu6nJjB8T0B
+ lA==
+ -----END CERTIFICATE-----
+
+ </ca>
+
+ <cert>
+ -----BEGIN CERTIFICATE-----
+ MIIFsDCCA5igAwIBAgIUXOnWUTwh0zWkUX+LTlftlfkEGqAwDQYJKoZIhvcNAQEL
+ BQAwVzELMAkGA1UEBhMCR0IxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAcM
+ CVNvbWUtQ2l0eTENMAsGA1UECgwEVnlPUzEQMA4GA1UEAwwHdnlvcy5pbzAeFw0y
+ MzA1MTAxMzQ5MjhaFw0zMzA1MDcxMzQ5MjhaMFYxCzAJBgNVBAYTAkdCMRMwEQYD
+ VQQIDApTb21lLVN0YXRlMRIwEAYDVQQHDAlTb21lLUNpdHkxDTALBgNVBAoMBFZ5
+ T1MxDzANBgNVBAMMBmNsaWVudDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
+ ggIBAJgTHdmee0dFlbohSBF+Xy8XjWpCKnfXGNgr9JgU9+lzQ8SR+Z83XcRocvJX
+ asSf4gDZK05pGhyXTx9KzTaYAZi1ZCK4pZ1fXZ+TdHgThLdLW7h/xDF3WU0omydC
+ GiBkua3kldcRfhPnBYrWZwvHkeUOYNybRezM/fIGpnp74+YBXybGZ8YRLmRhc/j1
+ QDJt0DLvVxfb6YkfU/vuSLnPtu40Ye/EsOhuPcStC9Mmctxx3msZH417z2wWQNvY
+ 926ZUQCXophkkhNA3kxUcz+gdV5ECCO+KPa7r305olFgv7c4KSNih7MmYBEyKMS7
+ pA+CF9etEJs3VmHT9avGtKvDMW8XhoqpxTWQ15CNaEFGTxCejPuI+nFCoqtAN9Y9
+ O/A6rsLuM6EuaDX2qjSUfDMnUVVclE7yL8JDZEOQZw970Mi+TnhbXfYEyvX8HJLk
+ 4Vg2JUc67jTDRiQfgWuJHiaPyrYX2ssP8LU/oOis638mHo+7YpJCSeqF0R4m6lSi
+ QJNOz8knawp40Uu1iA9RqQrYT8MRt2quCRn2aUolvRmNB4dHS/2TUdHChBdDxylL
+ zbFtZLkCiWwKKNvu3ZjxMua2AjYe904r+S4duow4MxfKUFsoMY6GlscGeReMXJVV
+ x2i+580wF/tn+3k/9PUS90FoFhQCidfxib/Eo4rOT03awPGBAgMBAAGjdTBzMAwG
+ A1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMC
+ MB0GA1UdDgQWBBTTt3dGY9D07BI8V/0QmVI25bC+gDAfBgNVHSMEGDAWgBRtWyng
+ 3NDv3AsGmq1+fQQjEiQ7ozANBgkqhkiG9w0BAQsFAAOCAgEAKz+MT9JlvwUope8x
+ rUuf+6s/fyiAvmQfGOAN6aBVyxO1+ZIAau6CXGJ9/MaJKF/Ju+V2zTpBVz2bFNxP
+ HceY1z9rtQb0l+CG4elcsQY4vhouvDH+HoI8rP/jzFD25zsUmAlMaTZuLWU4WnVT
+ 2WhO5X1GZFKl5fT8ulyLx3rcb/CaiC6Kg+yi/tktFgpyWyjTMSVp9QBGYRudKVwK
+ x585nb5a5Z+uLYBmYcYrRQvLWSQKGLb84qE8gOfek47FZCfoh7rlLpt8prFIW60x
+ EarR4Ul/1xhs+2AqMw3mHuQrIxJgHvKoQHBkS/RadsRWglWasE0qm09BtoLeso1h
+ ZIXO2O830jXOYEZEuhE63iIHxBZUEUpurXt6he/IBL1l8UuRM6ArHtDo2awlnWlL
+ Uz34e1pSzLAtSfS9Iop+zxt/UDQtMCW/a2MQGB7m/kgCtICC0p8QsuGa8k/+SQOt
+ TI1VAj/dJ2O5XFhfFYgDtT/XXa6o3nEmWW+KTtggcvGIyP0Huxq+6ShxrwKkXI0n
+ WVffhVafcIkJnsUYTJu+Cx4KpilKV6+lzRQhK7UHfS0hErs0UQoZA4Fpz2uWukNe
+ 2fezl0IJThWPklGKOYriZyKb4i81i3occ1+9YpzKUrBD2ZI+t0Exp73/cfuQbiCO
+ iIu80S44myiZMfD2OPvjR0lBSoE=
+ -----END CERTIFICATE-----
+
+ </cert>
+
+ <key>
+ -----BEGIN PRIVATE KEY-----
+ MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCYEx3ZnntHRZW6
+ IUgRfl8vF41qQip31xjYK/SYFPfpc0PEkfmfN13EaHLyV2rEn+IA2StOaRocl08f
+ Ss02mAGYtWQiuKWdX12fk3R4E4S3S1u4f8Qxd1lNKJsnQhogZLmt5JXXEX4T5wWK
+ 1mcLx5HlDmDcm0XszP3yBqZ6e+PmAV8mxmfGES5kYXP49UAybdAy71cX2+mJH1P7
+ 7ki5z7buNGHvxLDobj3ErQvTJnLccd5rGR+Ne89sFkDb2PdumVEAl6KYZJITQN5M
+ VHM/oHVeRAgjvij2u699OaJRYL+3OCkjYoezJmARMijEu6QPghfXrRCbN1Zh0/Wr
+ xrSrwzFvF4aKqcU1kNeQjWhBRk8Qnoz7iPpxQqKrQDfWPTvwOq7C7jOhLmg19qo0
+ lHwzJ1FVXJRO8i/CQ2RDkGcPe9DIvk54W132BMr1/ByS5OFYNiVHOu40w0YkH4Fr
+ iR4mj8q2F9rLD/C1P6DorOt/Jh6Pu2KSQknqhdEeJupUokCTTs/JJ2sKeNFLtYgP
+ UakK2E/DEbdqrgkZ9mlKJb0ZjQeHR0v9k1HRwoQXQ8cpS82xbWS5AolsCijb7t2Y
+ 8TLmtgI2HvdOK/kuHbqMODMXylBbKDGOhpbHBnkXjFyVVcdovufNMBf7Z/t5P/T1
+ EvdBaBYUAonX8Ym/xKOKzk9N2sDxgQIDAQABAoICAA4nLuhOc620TOHn1nCEwNbX
+ cjQfi7R5VcwXxymr2RvzO/oPr3PBPN5Nh2+FC20L1J/i/KdNaJgDMvw4EEI49ZXg
+ 2wlqNhIGSpnSQnNcaaxML9fLa31CqZJ6dkbtXXro6BwsqA9Xuh9sqQ585rxpBFIV
+ IcmjDJs9w5KVsNyF92jnQfpDWjjlgQ2BjlmiRY+/IMwxi/r7kgM1FOVfWon3sJ0A
+ GtWsPUSpSEfFTR9UUDmyjt8lYiASRw5WdQ6g5WJExyeiQe69FjIDH803Yz4Nym6N
+ liGLDjGF646tevnoFaxqsyI8BmITbu4BK48nrkMG05fUeQIURw6Cu5xf7JE7Vzgy
+ 7mBwujtkEuRmXz9LsJTaWt5I/sXDUh0Uwe0BGYj5O+8MB7yzQFBjhv6pLJZdySSV
+ gSlmupbwtY2BcV48KuvPkzKngHXR8jA6p8XAQV2Xq2njQLsOKJrgEhbIp99h61ao
+ 5K6gtW056hSN4q01YA00JQZGKZRviUOuQGP71SNDPCl3uvvElVwBFtfEYV12VzFK
+ ye1fF2CcRThCEML91Qo/IueqrNEBVQHxnCO7R5uwKSkXZNJ5pNArMsAdMfLzXApD
+ F3Dcctz/C9I0RG18EdtoW4RjPxEZ1wXHGVkvCpUCwNImsvxWOy78klnfEUyKtOCM
+ dnn1flp0CiZzjGAMSiGbAoIBAQC9ZpY4XZ4v68KnaHyiqKjNQDU64wrONGK1XrMS
+ wOl5a6Cg8S3n3d51E2AguFKilKZ1LJ721WGdEIO4+J9nFKvXYUSCl711cCh+njya
+ E3a9H6louFVZ2X3NxjLUSJtqUyBEOE/NzNxhTt9BoiiR3cKUmhLLlYkHmLnqBv3j
+ w4Trl/rU3rDemAf6zOB0eXKM946qjQpfB2LsokCWWsOhnT1XBcSEvkHvSrWv4EH/
+ 6IDFAROBGtlCW2C8BiosRdpj8thsdnW1lvGAvHs27nLMXz3/NNBX03dlA8YRaelm
+ l0EDo0IwrXI7/u4Zy8wL3gfn/NPr0ST3jXz9K8nxvohPxwcfAoIBAQDNjIZs/HT6
+ Y2rTMH++rC3ZNfLUm/3aNsVl1TB8nkEvfBQHU5HEyqqeE4d/b3+7bRwWhVpfNHLe
+ rMV8qNr8iAjvpeL5nvnmUPHLT0CpsI+wUvOlnluHGsCfyLWDNVBPcDL10scediYM
+ kKGJGiQSbl355JbIrYxA5AgA7qUGcLQ7mGmwzXyJgmBMOJbDyYvoezh4iogWxC4C
+ lh834UgmGWJp2Bi20VuqF00HClN+z1QELQN2Pu2SVK5XTlfXmuYHc3Bi1xvD2KaL
+ yqT2BtWVRS9RDG0LOzgOAnG9Mx7SEtPAnRhpydx28HWEwGaFKas6QaIuDo92Blpo
+ 40ti2Yav4hNfAoIBAQC0m0SYDz2u+KQvuwVOnoII5zdbJfHB3FZcGSettGNus2EC
+ 17ksp3dgMM+zo9C41AM/LQOQ4L0qZvsUwZBPXXjX8xq/ZS7287LJut6TFgheI/kJ
+ sO1CtpCuTldd8raw1v+nzgLbfoSQDgP6tET3g33u8lUF6Vw38D0omu4z6NexSMWZ
+ g5kpSdQiJofKyZygK9jRbZj8MTD18WqhdX+jdyts9kUFR9/b7WP/iFunSfCw62vL
+ 6uxNyJEf+sjwWtP8BzC1jOiF9p/oYNMl+I9jr1aRK62YckAiBU00gchdWdJXQ7D0
+ dhC+gURPOPUkQ99KKt9yuYcEwNj1GnKBoWyelm2FAoIBAHoj2bEjZuNudgjeVdpY
+ d7oNm6kItJSZXT0ArJowc62ivkgIOaNFhpL+KdLoz27xC/K59RSDlwqIgaVstQvA
+ TgcRfMk11WstiDB2fIcY2pk9AXjVm6+xjuqjmnBIGtvJYQ6/3ABW1o861jIg7XRi
+ TsdyNMM0lRXuKm9bX4ZvLDoJfCxKPol7hntkWPooZlGT/t9p+ioFEw4IZK6Q2I2D
+ If6hITZpO13cELJxSWIeEt+UW+1EwWjllt9cN0hvy+Z7iznAdsgukfCZTuK+9uWH
+ QfGYP6ef3dQ9UZbKrLLJ6zgWYW5jO/UVN8/VgFX6h7vLSnKxxj+s0MZo4d/wQF99
+ KGMCggEACAWOCIerQRC51zo8eXOB65mmpR0nX/VuWCZw4uIo5tVZ47JskPIH9MTy
+ d/OLbHDa3esJjmZawSl0lI0j7p/yY+J9TEJyOCUU9PCDUw+BeJ39/VqW/fyBn8gI
+ 1cC3BnPkDf2HnbgHxaCP37sy/aHs7Xn/bNDaLksEDWDblFCQ5tYqGbZhxUNnsx2x
+ 3z/aYJVmx0lkKXSA+8rKeAk+OnDHUjlJjpRIcAsQJE6Ni+2cHbYygVPXiFbbKk+2
+ ekNwYkhMZ+DP+t+uY5ZRfwq0jjIrh+5fyw26yG9PoXspGoqPCTcQ9BEqU88J6ziF
+ rxWXbmsYdR1dnKCZXcKJVKqJIFCnyg==
+ -----END PRIVATE KEY-----
+
+ </key>
+
+
+Monitoring
+==========
+
+If the client is connect successfully you can check the output with
+
+.. code-block:: none
+
+ vyos@ovpn-server:~$ show openvpn server
+ OpenVPN status on vtun10
+
+ Client CN Remote Host Tunnel IP Local Host TX bytes RX bytes Connected Since
+ ----------- ------------------ ----------- ------------------- ---------- ---------- -------------------
+ client 198.51.100.1:40297 10.23.1.6 198.51.100.254:1194 4.8 KB 4.8 KB 2023-05-10 13:52:01
diff --git a/docs/configexamples/autotest/OpenVPN_with_LDAP/_include/client.conf b/docs/configexamples/autotest/OpenVPN_with_LDAP/_include/client.conf
new file mode 100644
index 00000000..fb101b12
--- /dev/null
+++ b/docs/configexamples/autotest/OpenVPN_with_LDAP/_include/client.conf
@@ -0,0 +1,10 @@
+set interfaces ethernet eth1 address '198.51.100.1/24'
+set interfaces openvpn vtun1 mode client
+set interfaces openvpn vtun1 remote-host 198.51.100.254
+set interfaces openvpn vtun1 remote-port 1194
+set interfaces openvpn vtun1 protocol udp
+set interfaces openvpn vtun1 tls certificate CLIENT
+set interfaces openvpn vtun1 tls ca-certificate OVPN-CA
+
+set interfaces openvpn vtun1 authentication username 'user01'
+set interfaces openvpn vtun1 authentication password 'P4ssw0rd123' \ No newline at end of file
diff --git a/docs/configexamples/autotest/OpenVPN_with_LDAP/_include/ldap-auth.config b/docs/configexamples/autotest/OpenVPN_with_LDAP/_include/ldap-auth.config
new file mode 100644
index 00000000..0ae3dbc0
--- /dev/null
+++ b/docs/configexamples/autotest/OpenVPN_with_LDAP/_include/ldap-auth.config
@@ -0,0 +1,13 @@
+<LDAP>
+URL ldap://192.168.1.10
+BindDN bind_user@vyos.local
+Password P4ssw0rd123
+Timeout 15
+TLSEnable no
+FollowReferrals no
+</LDAP>
+<Authorization>
+BaseDN "DC=vyos,DC=local"
+SearchFilter "sAMAccountName=%u"
+RequireGroup false
+</Authorization> \ No newline at end of file
diff --git a/docs/configexamples/autotest/OpenVPN_with_LDAP/_include/ovpn-server.conf b/docs/configexamples/autotest/OpenVPN_with_LDAP/_include/ovpn-server.conf
new file mode 100644
index 00000000..982ec355
--- /dev/null
+++ b/docs/configexamples/autotest/OpenVPN_with_LDAP/_include/ovpn-server.conf
@@ -0,0 +1,15 @@
+set interface ethernet eth1 address '192.168.1.1/24'
+set interface ethernet eth2 address '198.51.100.254/24'
+set interfaces openvpn vtun10 local-host '198.51.100.254'
+set interfaces openvpn vtun10 local-port '1194'
+set interfaces openvpn vtun10 mode 'server'
+set interfaces openvpn vtun10 openvpn-option '--plugin /usr/lib/openvpn/openvpn-auth-ldap.so /config/auth/ldap-auth.config'
+set interfaces openvpn vtun10 persistent-tunnel
+set interfaces openvpn vtun10 protocol 'udp'
+set interfaces openvpn vtun10 server push-route '192.168.1.0/24'
+set interfaces openvpn vtun10 server subnet '10.23.1.0/24'
+
+set interfaces openvpn vtun10 tls ca-certificate OVPN-CA
+set interfaces openvpn vtun10 tls certificate SRV
+set interfaces openvpn vtun10 tls dh-params DH
+set protocols static route 10.1.1.0/24 interface vtun10 \ No newline at end of file
diff --git a/docs/configexamples/autotest/OpenVPN_with_LDAP/_include/topology.png b/docs/configexamples/autotest/OpenVPN_with_LDAP/_include/topology.png
new file mode 100644
index 00000000..382e44f6
--- /dev/null
+++ b/docs/configexamples/autotest/OpenVPN_with_LDAP/_include/topology.png
Binary files differ
diff --git a/docs/configexamples/index.rst b/docs/configexamples/index.rst
index b3610d3a..80083fe1 100644
--- a/docs/configexamples/index.rst
+++ b/docs/configexamples/index.rst
@@ -18,7 +18,6 @@ This chapter contains various configuration examples:
pppoe-ipv6-basic
l3vpn-hub-and-spoke
inter-vrf-routing-vrf-lite
- openvpn-ldap
qos
segment-routing-isis
nmp
@@ -52,3 +51,4 @@ The process will do the following steps:
autotest/tunnelbroker/tunnelbroker
autotest/L3VPN_EVPN/L3VPN_EVPN
autotest/Wireguard/Wireguard
+ autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP
diff --git a/docs/configexamples/openvpn-ldap.rst b/docs/configexamples/openvpn-ldap.rst
deleted file mode 100644
index 402ab7f1..00000000
--- a/docs/configexamples/openvpn-ldap.rst
+++ /dev/null
@@ -1,94 +0,0 @@
-:lastproofread: 2023-01-29
-
-.. _examples-openvvpn-ldap:
-
-#########################
-OpenVPN with LDAP example
-#########################
-
-Configuration AD and a windows server
-=====================================
-
-We aim to configure LDAP authentication between the VYOS router and Windows Server 2019 (role: Active Directory) when our customers connect to our privet network using the OpenVPN client.
-Using the general schema for example:
-
-.. image:: /_static/images/mainschema.png
- :width: 80%
- :align: center
- :alt: Network Topology Diagram
-
-.. code-block:: none
-
- VyOS - the main OpenVPN server
- Winserver - windows server with role Active Directory
- Win10-PC - OpenVPN customer with LDAP authentication
-
-First, we need to configure the AD service and create two accounts. One account for the LDAP adapter built into the VYOS router and a second even account for our test client.
-
-.. image:: /_static/images/ldapone.png
- :width: 80%
- :align: center
- :alt: Network Topology Diagram
-
-Picture 1 - Adding the AD role
-
-.. image:: /_static/images/ldaptwo.png
- :width: 80%
- :align: center
- :alt: Network Topology Diagram
-
-Picture 2 - Adding the AD role
-
-Configuration VyOS router
-=========================
-
-Make the configuration file for the LDAP plugin.
-
-.. code-block:: none
-
- vyos@vyos:~$ sudo cat /config/auth/ldap-auth.config
- <LDAP>
- URL ldap://10.217.80.58
- BindDN userldap@corp.vyos.com
- Password YourPass
- Timeout 15
- TLSEnable no
- FollowReferrals no
- </LDAP>
- <Authorization>
- BaseDN "DC=corp,DC=vyos,DC=com"
- SearchFilter "sAMAccountName=%u"
- RequireGroup false
- </Authorization>
-
-
-**This specific example is for a windows server 2019**:
-
-* URL ldap://10.217.80.58 - The URL of your LDAP server
-* BindDN userldap@corp.vyos.com - The BindDN of the users' directory
-* BaseDN "DC=corp,DC=vyos,DC=com" - In the block <Authorization> notice your domain
-
-Make the main config for VyOS like VPN and Authorization server:
-
-.. code-block:: none
-
- set interfaces ethernet eth0 address 'dhcp'
- set interfaces openvpn vtun10 local-port '1194'
- set interfaces openvpn vtun10 mode 'server'
- set interfaces openvpn vtun10 openvpn-option '--plugin /usr/lib/openvpn/openvpn-auth-ldap.so /config/auth/ldap-auth.config'
- set interfaces openvpn vtun10 persistent-tunnel
- set interfaces openvpn vtun10 protocol 'udp'
- set interfaces openvpn vtun10 server push-route 192.168.0.0/16
- set interfaces openvpn vtun10 server subnet '10.23.1.0/24'
- set interfaces openvpn vtun10 tls ca-cert-file '/config/auth/openvpn/ca.crt'
- set interfaces openvpn vtun10 tls cert-file '/config/auth/openvpn/central.crt'
- set interfaces openvpn vtun10 tls crl-file '/config/auth/openvpn/crl.pem'
- set interfaces openvpn vtun10 tls dh-file '/config/auth/openvpn/dh.pem'
- set interfaces openvpn vtun10 tls key-file '/config/auth/openvpn/central.key'
- set protocols static interface-route 10.23.0.0/20 next-hop-interface vtun10
- set service ssh port '22'
-
-Next, you need to install and configure the configuration file for the windows/Linux OpenVPN client. After connecting to the VPN servers, you will be prompted to go through LDAP authorization.
-
-**To automatically generate the openVPN configuration file for windows clients, you can use this link:**
-https://ovpnconfig.com.br/ \ No newline at end of file