4. LDAPs or LDAP for OpenVPN remote access?

LDAPs or LDAP for OpenVPN remote access?

  • S

    If LDAP is chosen as the authentication method for a Remote Access OpenVPN server, is it recommended to stick with the encrypted version of LDAP (LDAPs) or would unencrypted LDAP suffice? Would LDAPs just add unnecessary additional encryption and complexity to an already encrypted channel? Am I completely off here?

    In section 9.3 of the pfsense book they provide an example of a remote access OpenVPN server using plain TCP LDAP. There doesn't seem to be any mention if LDAPs is recommended for external authentication.

    0
  • Rebel Alliance Developer Netgate

    OpenVPN encrypts data transfers between your clients and pfSense

    LDAPS encrypts the LDAP authentication process itself between pfSense and your LDAP server.

    The two are not related, and you should always go for the more secure option if it's available. LDAPS is definitely preferable, especially if the LDAP server is remote to the firewall. If the firewall and the LDAP server are on the same network directly connected (e.g. LDAP server is in LAN or DMZ) then it may not matter so much, but I'd still go for LDAPS.

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy