Netgate Discussion Forum

    LDAPs or LDAP for OpenVPN remote access?

      A Former User

      If LDAP is chosen as the authentication method for a Remote Access OpenVPN server, is it recommended to stick with the encrypted version of LDAP (LDAPs) or would unencrypted LDAP suffice? Would LDAPs just add unnecessary additional encryption and complexity to an already encrypted channel? Am I completely off here?

      In section 9.3 of the pfSense book they provide an example of a remote access OpenVPN server using plain TCP LDAP. There doesn't seem to be any mention of whether LDAPs is recommended for external authentication.

        jimp Rebel Alliance Developer Netgate

        OpenVPN encrypts data transfers between your clients and pfSense.

        LDAPS encrypts the LDAP authentication process itself between pfSense and your LDAP server.

        The two are not related, and you should always go for the more secure option if it's available. LDAPS is definitely preferable, especially if the LDAP server is remote to the firewall. If the firewall and the LDAP server are on the same network directly connected (e.g. LDAP server is in LAN or DMZ) then it may not matter so much, but I'd still go for LDAPS.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
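
To make concrete what the LDAPS leg in the reply above protects, here is an added example (not from the thread or from pfSense) that encodes the LDAPv3 simple BindRequest defined in RFC 4511, as it is sent on plain LDAP. It assumes the firewall authenticates with a simple bind; the DN and password are constructed sample values.

```python
# Added example (not from the thread): LDAPv3 simple BindRequest per RFC 4511.
# Assumption: the firewall authenticates users with a simple bind.

def ber_len(n: int) -> bytes:
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    """One BER tag-length-value element."""
    return bytes([tag]) + ber_len(len(value)) + value


def ber_int(n: int) -> bytes:
    """BER INTEGER for a non-negative value (leading zero keeps it positive)."""
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))


def simple_bind_request(message_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple [0] } }."""
    bind = tlv(0x60,                                   # [APPLICATION 0] BindRequest
               ber_int(3)                              # protocol version
               + tlv(0x04, dn.encode("utf-8"))         # bind DN (OCTET STRING)
               + tlv(0x80, password.encode("utf-8")))  # password, context tag [0]
    return tlv(0x30, ber_int(message_id) + bind)


def ascii_column(packet: bytes) -> str:
    """What the ASCII pane of a packet capture shows for these bytes."""
    return "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in packet)


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    pkt = simple_bind_request(1, "uid=alice,ou=people,dc=example,dc=com",
                              "Constructed-Pass1")
    print(pkt.hex())
    print(ascii_column(pkt))
```

The password is carried as a plain OCTET STRING, so on port 389 it is readable on every hop between the firewall and the directory regardless of the OpenVPN tunnel on the client side. With LDAPS the same bytes travel inside TLS records.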