4. Improvements to OpenVPN roadwarrior with RADIUS AD backend ?

Improvements to OpenVPN roadwarrior with RADIUS AD backend ?

  • D

    I just happened to notice the http://doc.pfsense.org/index.php/OpenVPN_with_RADIUS_via_Active_Directory howto in the Wiki, which at the beginning states that it is "intended for small businesses that want to roll out secure vpn connectivity for their users using free software. Due to the nature of its set up, which is mostly manual, this process may be too inefficient for larger businesses." and indeed taking a closer look, this howto requires manual steps to be performed for each OpenVPN client.

    Since any scaleable VPN setup beyond a handful of clients will probably include authentication against a backend (e.g. radius/AD), can we discuss how to improve this as much as possible ? E.g. based on a quick look at the OpenVPN Client Export code, it seems that step 4.2 of manually editing the cryptoapicert "SUBJ:user" may be no longer needed.

    Could someone quickly explain to me what's the security model in the pfsense OpenVPN /w AD auth setup ? e.g. do we need to protect each client's private keys with a passphrase (in case a laptop is stolen) ? etc

    TIA

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy