Feature Request / Bug Fix / Work Around (OpenVPN group policy not working)
-
I am using:
2.2.3-RELEASE (amd64)
built on Tue Jun 23 16:37:42 CDT 2015
FreeBSD 10.1-RELEASE-p13Version of PfSense, I was on version 2.2.4 64bit was having issues with DHCP so I needed to downgrade until 2.2.5 comes out (Hopefully). Anyway I currently use LDAP for authenticating to my various PfSense boxes. I decided to kill my PPTP server and get an OpenVPN server with Certificates and LDAP authentication. Everything is working but the problem is there is no option to specify which group should be allowed to access OpenVPN and in the group attributes in user manager there is no options for UserOpenVPN, there are options for PPTP, IPSEC, L2TP.
I was able to come up with a work around by using the extended query field (Under LDAP) to search for the 'memberOf' membership which is what I want. I then had to duplicate the LDAP server with just that small change to the field to target the membership that I wanted (Admins of PfSense firewall, OVPN remote users, etc). Works well but seems like a silly way to do it. I would love to be able to setup the LDAP server generally like it is now, but then have a group field added to OpenVPN server, or Webgui, or whatever which would override or append the query to add the memberOf. I welcome everyone's input.
Thanks in Advances