Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    LDAP+Certificate for OPenVPN on PFSense 2.1.2

    Scheduled Pinned Locked Moved OpenVPN
    2 Posts 2 Posters 3.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      bshack
      last edited by

      I have successfully done the following:

      • Setup a LocalCA on the PFSense Box
      • Setup an LDAP Authentication Server
      • Tested and it is working
      • Installed the OpenVPN Client Export Package

      Now I want to know the best way to setup Certificate + User-Auth against LDAP to authenticate users. So I did the following:

      • Create a Certificate using the LocalCA with the same common name as the LDAP user ID = jsmith
      • Run through the Wizard and it completes and I can download and install the windows client and it logs in, however it is not utilizing the client certificate.

      For the client export is shows:  Authentication Only (No Cert) for user and "none" for Certificate name.  I am sure it is something simply I am missing, but how do I create certificates for users and get them to show in the client install packages section?

      Any help / pointers appreciated.

      Thank you,
      Brian

      1 Reply Last reply Reply Quote 0
      • V
        viragomann
        last edited by

        You have to assign your CA to your OVPN server and the user have to get a certificate from the same CA.
        For this go to System > user manager > server tab and add your LDAP server there. After it is configured correctly you should see the user at users tab, edit the user and add a certificate.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.