Auto create users for OpenVPN while authenticate against LDAP

hiddenbit · May 16, 2017, 7:27 AM

Hey guys, I configured my pfSense to authenticate users against LDAP (Active Directory). This seems to work, but while usings this accounts with OpenVPN and certificate-based authentication, they need to exist locally. Is there any preferred way to do this automatically?

jimp · May 17, 2017, 8:18 PM

You do not need local accounts to use with LDAP and Certificates.

You only need to make certificates under System > Cert Manager on the Certificates tab, using the same CA as the OpenVPN server.

There is not a way to automate making the certificates, however.

hiddenbit · May 24, 2017, 8:44 AM

Hey jimp, thanks for your response. I got it working, but realized a disappointing point. After login with a remote user, I am able to see, use and download also certificates from other users (see attached pic). Is there a way to work around that?

jimp · May 24, 2017, 11:27 AM

The export package is not intended to be used by end-users. There is no way for a user to login and download just their own client.