LDAP+Certificate for OpenVPN on pfSense 2.1.2



  • I have successfully done the following:

    • Setup a LocalCA on the pfSense box
    • Setup an LDAP Authentication Server
    • Tested and it is working
    • Installed the OpenVPN Client Export Package

    Now I want to know the best way to set up Certificate + User-Auth against LDAP to authenticate users. So I did the following:

    • Create a Certificate using the LocalCA with the same common name as the LDAP user ID = jsmith
    • Run through the Wizard and it completes, and I can download and install the Windows client and it logs in; however, it is not utilizing the client certificate.

    For the client export it shows: Authentication Only (No Cert) for user and "none" for Certificate name. I am sure it is something simple I am missing, but how do I create certificates for users and get them to show in the client install packages section?

    Any help / pointers appreciated.

    Thank you,
    Brian



  • You have to assign your CA to your OVPN server, and the user has to get a certificate from the same CA.
    For this, go to System > User Manager > server tab and add your LDAP server there. After it is configured correctly you should see the user on the users tab; edit the user and add a certificate.
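
The two conditions discussed in this thread (the user certificate comes from the CA assigned to the OpenVPN server, and its common name equals the LDAP user ID) can be checked offline with `openssl`. This is an added example, not part of the thread or of pfSense; the CA names `local-ca` and `other-ca`, the user `bjones` and all generated files are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread). All names and files below are constructed.

# Print the subject common name (CN) of a PEM certificate.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/^subject= *//p' | tr ',' '\n' | sed -n 's/^CN=//p' | head -n 1
}

# check_user_cert CA_CERT USER_CERT LDAP_UID
# 0 = usable, 1 = not issued by this CA, 2 = CN differs from the LDAP user ID
check_user_cert() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || return 1
    [ "$(cert_cn "$2")" = "$3" ] || return 2
}

# make_ca DIR NAME: throwaway self-signed CA standing in for the firewall's local CA
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# issue_cert DIR CA_NAME USER_CN OUT: user certificate signed by CA_NAME
issue_cert() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$4.key" -out "$1/$4.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$4.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/$4.crt" 2>/dev/null
}

# Build two CAs and two certificates for "jsmith", then run the three cases.
demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" local-ca && make_ca "$d" other-ca &&
    issue_cert "$d" local-ca jsmith good &&
    issue_cert "$d" other-ca jsmith foreign || return 1
    check_user_cert "$d/local-ca.crt" "$d/good.crt" jsmith
    echo "same CA, CN matches LDAP uid    -> $?"
    check_user_cert "$d/local-ca.crt" "$d/good.crt" bjones
    echo "same CA, CN differs from uid    -> $?"
    check_user_cert "$d/local-ca.crt" "$d/foreign.crt" jsmith
    echo "different CA, CN matches uid    -> $?"
    rm -rf "$d"
}
demo
```

To check real files, export the CA certificate and the user certificate as PEM and call `check_user_cert` with them and the LDAP user ID.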