Netgate Discussion Forum

    Improvements to OpenVPN roadwarrior with RADIUS AD backend?

      dhatz

      I just happened to notice the http://doc.pfsense.org/index.php/OpenVPN_with_RADIUS_via_Active_Directory howto in the Wiki, which at the beginning states that it is "intended for small businesses that want to roll out secure vpn connectivity for their users using free software. Due to the nature of its set up, which is mostly manual, this process may be too inefficient for larger businesses." and indeed taking a closer look, this howto requires manual steps to be performed for each OpenVPN client.

      Since any scalable VPN setup beyond a handful of clients will probably include authentication against a backend (e.g. RADIUS/AD), can we discuss how to improve this as much as possible? E.g. based on a quick look at the OpenVPN Client Export code, it seems that step 4.2 of manually editing the cryptoapicert "SUBJ:user" may no longer be needed.

      Could someone quickly explain to me what the security model is in the pfSense OpenVPN with AD auth setup? E.g. do we need to protect each client's private keys with a passphrase (in case a laptop is stolen)? Etc.

      TIA

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.