4. LDAPs or LDAP for OpenVPN remote access?

LDAPs or LDAP for OpenVPN remote access?

  • S

    If LDAP is chosen as the authentication method for a Remote Access OpenVPN server, is it recommended to stick with the encrypted version of LDAP (LDAPs) or would unencrypted LDAP suffice? Would LDAPs just add unnecessary additional encryption and complexity to an already encrypted channel? Am I completely off here?

    In section 9.3 of the pfsense book they provide an example of a remote access OpenVPN server using plain TCP LDAP. There doesn't seem to be any mention if LDAPs is recommended for external authentication.

    0
  • Rebel Alliance Developer Netgate

    OpenVPN encrypts data transfers between your clients and pfSense

    LDAPS encrypts the LDAP authentication process itself between pfSense and your LDAP server.

    The two are not related, and you should always go for the more secure option if it's available. LDAPS is definitely preferable, especially if the LDAP server is remote to the firewall. If the firewall and the LDAP server are on the same network directly connected (e.g. LDAP server is in LAN or DMZ) then it may not matter so much, but I'd still go for LDAPS.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy