Openvpn - ssl/tls + user auth (ldap)

beppo · Jun 29, 2010, 8:07 AM

Hello,

why it isn't possible to have ssl/tls + user authentification via ldap?

greetings

beppo

jimp · Jun 29, 2010, 1:59 PM

It should be, if you setup your LDAP server under System > User Manager, on the Servers tab. Or use the wizard.

eazydor · Jun 29, 2010, 8:37 PM

and LDAP for X-Auth? planned for somewhen?

jimp · Jun 29, 2010, 9:09 PM

@eazydor:

and LDAP for X-Auth? planned for somewhen?

For IPsec? If you want to know, open a new thread, that is not relevant to this thread.

beppo · Jun 30, 2010, 6:43 AM

Seems to work, i tried both:

1. server mode (user auth with ldap backend)

2. server mode (ssl/tls+user auth with local database)

the openvpn client logs seem to be equal. I was a bit confused first because of the error message shown on the screenshot I attatched.

remote_access_ssl_tls_user_auth_local_database.txt
remote_access_user_auth_ldap.txt

jimp · Jun 30, 2010, 12:40 PM

Ah, now I remember why this was. LDAP/RADIUS was meant to work with just "user auth" completely in the GUI, otherwise you have to make the certificates for the users by hand.

For SSL/TLS+User Auth, it does everything in the User Manager locally, but since the router doesn't have a database of users in LDAP/RADIUS, it doesn't (currently?) have a GUI for making arbitrary keys.

beppo · Jun 30, 2010, 1:17 PM

Ok, now I understand.