    OpenVPN with LDAP: questions

Art

      Hi All,

I am trying to set up OpenVPN with LDAP authentication on pfSense 2.3.2. I have found some instructions but I am a little bit confused. Could you please help with the questions below?

1. pfSense - Certificates. In order to use OpenVPN Server Mode = Remote Access (SSL/TLS + User Auth), on pfSense I need to create a Cert Authority and generate 2 certificates: a server cert and a user cert. Am I right?

2. Is the user certificate common (the same) for all users?

      3. How is the user certificate getting attached to the client? Is it at client export?

      Thanks in advance.

Art

        Hi,

        I think I found the answers to my questions and probably someone will find it helpful.
On the OpenVPN Server's setup page there is an option to force a check that the user name equals the certificate's Common Name. If I leave it unchecked, the exported client can be used by any user, given the user is in AD. I have not tested this scenario but I think it will work.
In our case, as we have 5-6 users of VPN, I preferred to use the local database. The confusion about how to attach an existing user certificate to a particular user is due to the fact that, in order to attach an existing certificate to a user, it is first required to create and save the user, then edit the user and attach the existing certificate. It is also possible to create a user and generate a corresponding attached certificate by checking that option at the time of creating the user. The problem with this option is that you can't edit the details in the certificate (for example the email address), and the details of the CA will be used for the certificate.

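The check described in the reply above (user name must equal the client certificate's Common Name, and if it is not enforced any authenticated directory user can connect with any client certificate signed by the CA) can be expressed as an OpenVPN hook script. The script below is an added example, not code from the forum post or from pfSense. It assumes OpenVPN's `auth-user-pass-verify <script> via-env` mode, in which the submitted user name is exported as `$username`, and it assumes that `$common_name` holds the already-verified client certificate CN and that `$script_type` is `user-pass-verify` for this hook; confirm those names against the OpenVPN manual for your version before relying on them. The password itself is still checked by whatever backend you configured (LDAP or the local database); this hook only adds the CN rule.

```shell
#!/bin/sh
# Added example (not from the forum post or pfSense): enforce that the
# OpenVPN login user name matches the client certificate's Common Name.
#
# Assumed environment (from OpenVPN "auth-user-pass-verify ... via-env"):
#   $username     - user name the client submitted
#   $common_name  - CN of the client certificate that passed TLS verification
#   $script_type  - "user-pass-verify" when OpenVPN runs this hook
# Exit status 0 allows the login, non-zero rejects it.

# cn_matches_user USERNAME COMMON_NAME
# Returns 0 only when both values are present and identical.
cn_matches_user() {
    user=$1
    cn=$2
    # An empty CN means no client certificate was verified for this session;
    # an empty user name means the client sent no credentials. Reject both.
    [ -n "$user" ] && [ -n "$cn" ] || return 1
    # Exact, case-sensitive comparison: "alice" must not be accepted for a
    # certificate issued to "Alice" or to "alice.example.org".
    [ "$user" = "$cn" ]
}

# access_decision ENFORCE USERNAME COMMON_NAME
# Mirrors the pfSense server option discussed in the thread: with ENFORCE=1
# the CN rule applies; with ENFORCE=0 any user who passed password
# authentication may connect with any certificate signed by the CA, which is
# the "one exported client profile shared by every AD user" scenario.
# Prints "allow" or "deny".
access_decision() {
    enforce=$1
    user=$2
    cn=$3
    if [ "$enforce" = "1" ]; then
        if cn_matches_user "$user" "$cn"; then
            echo allow
        else
            echo deny
        fi
    else
        echo allow
    fi
}

# verify_from_env
# Reads the variables OpenVPN exports and returns 0 (allow) or 1 (deny),
# logging the mismatch to stderr so it shows up in the OpenVPN log.
verify_from_env() {
    if cn_matches_user "${username:-}" "${common_name:-}"; then
        return 0
    fi
    printf 'cn-check: denying user "%s": certificate CN is "%s"\n' \
        "${username:-}" "${common_name:-}" >&2
    return 1
}

# Run the check only when OpenVPN invokes the script as the auth hook;
# when the file is merely sourced, only the functions above are defined.
if [ "${script_type:-}" = "user-pass-verify" ]; then
    verify_from_env
    exit $?
fi
```

Install it with `auth-user-pass-verify /path/to/cn-check.sh via-env` (together with `script-security 2`) on a plain OpenVPN server; on pfSense the equivalent is the server option the reply refers to, so the script is mainly useful to understand what that checkbox does and to reproduce it outside the GUI.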
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.