OpenVPN with LDAP: questions
I am trying to setup OpenVPN with LDAP Authentication on pfsense 2.3.2. I have found some instructions but I am a little bit confused. Could you please help with the below questions?
1. pfsense - Certificates. In order to use OpenVPN Server Mode = Remote Access (SSL/TLS + User Auth), on pfsense I need to create a Cert Authority and generate 2 certificates: a server cert and a user cert. Am I right?
2. Is the user certificate common(the same) for all users?
3. How is the user certificate getting attached to the client? Is it at client export?
Thanks in advance.
I think I found the answers to my questions and probably someone will find it helpful.
On the OpenVPN Server's setup page there is an option to force to check if the user name = certificate's Common Name. If I leave it unchecked the exported client can be used by any user given the user is in AD. I have not tested this scenario but I think it will work.
In our case as we have 5-6 users of VPN I preferred to use the local database. The confusion on how to attach an existing user certificate to a particular user is due to the fact that in order to attach an existing certificate to a user first it is required to create and save the user then edit the user and attach the existing certificate. It is also possible to create a user and generate a corresponding attached certificate by checking that option at the time of creating a user. The problem with this option is you can't edit the details in the certificate (for example the email address) and the details of the CA will be used for the certificate.