Re: [Openvpn-users] Dual authentication help


  • Subject: Re: [Openvpn-users] Dual authentication help
  • From: Dimitri Yioulos <dyioulos@xxxxxxxxxxxxx>
  • Date: Mon, 12 Sep 2005 10:08:57 -0400

On Saturday 10 September 2005 6:28 am, Morten Christensen wrote:
> Dimitri Yioulos wrote on 09-09-2005 14:47:
> > Many thanks to you and to Charles for your responses.  I now have dual
> > authentication working!  I will certainly investigate using radius, as
> > I'm a security paranoid.
> >
> > Thanks, again.
> >
> > Dimitri
> >
> > On Thursday 08 September 2005 9:37 pm, Ed Wallig wrote:
> >> Hi Dimitri,
> >>
> >> Here's a good starting place - it uses RADIUS for user authentication.
> >> In my case, I'm using it in conjunction w/ IAS / Active Directory.
> >>
> >> http://openvpn.net/archive/openvpn-users/2005-04/msg00003.html
> >>
> >>
> >> Dimitri Yioulos <dyioulos@xxxxxxxxxxxxx> wrote:
> >>
> >> But, I think I'd like to implement dual authentication - ssl certs and
> >> user login.
>
> Could you make a description of how you made the setup for the rest of
> us wanting to do the same thing?

Happy to, but will also suggest reading the How-to.

In case I haven't mentioned it previously, my OpenVPN server sits in a DMZ.  I 
also have an iptables firewall/gateway.  Our PDC is a Win2k3 server (only Win 
server out of eight, I'm happy to say!).  With that said:

Firstly, winbind, but not smb, is enabled on the OpenVPN server, as a means of 
getting user uname and password from Win2k3 ADS.

Next, the following directive is added to server.conf:

plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so login

(obviously, find the location of your own openvpn-auth-pam.so)

I am pushing DNS and WINS to the clients.  I'm not 100% sure if this is 
necessary or not.

Then, add the following directive in client.conf (or, in my case, client.ovpn, 
as I'm using OpenVPN GUI):

auth-user-pass

I added the following route to my gateway:

-net ovpnnetworkipaddr netmask 255.255.255.0 gw ovpnserverinsideipaddr

That's about it.  Pretty simple, really.  Let me know if it works for you.

Dimitri

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
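
A check that a server config enforces both factors described in the message above, certificates and the PAM login plugin. This is an added example, not part of the original post or of OpenVPN itself. The directives client-cert-not-required and verify-client-cert are OpenVPN options that do not appear in the thread, and the sample configs are constructed.

```shell
#!/bin/sh
# Added example: audit an OpenVPN server config (on stdin) for dual authentication.
# Returns 0 only if client certificates AND the PAM login plugin are both required.
check_dual_auth() {
    awk '
        { sub(/^[ \t]+/, "") }                  # drop leading whitespace
        /^[#;]/ || /^$/ { next }                # skip comments and blank lines
        $1 == "ca" { ca = 1 }
        $1 == "client-cert-not-required" { nocert = 1 }
        $1 == "verify-client-cert" && ($2 == "none" || $2 == "optional") { nocert = 1 }
        $1 == "plugin" && $2 ~ /openvpn-auth-pam\.so$/ { pam = 1; svc = $3 }
        END {
            bad = 0
            if (!ca)    { print "FAIL: no ca directive, client certs cannot be verified"; bad = 1 }
            if (nocert) { print "FAIL: client certificate requirement is disabled"; bad = 1 }
            if (!pam)   { print "FAIL: openvpn-auth-pam.so plugin is not loaded"; bad = 1 }
            if (pam)    { print "INFO: PAM service name: " (svc == "" ? "(not given)" : svc) }
            if (!bad)   { print "OK: certificate and PAM login are both required" }
            exit bad
        }
    '
}

# Constructed sample: certificates plus the plugin line from the message.
sample_dual() {
    cat <<'EOF'
# server.conf (constructed)
dev tun
ca ca.crt
cert server.crt
key server.key
server 10.8.0.0 255.255.255.0
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so login
EOF
}

# Constructed sample: same file, but the certificate factor is switched off.
sample_password_only() {
    sample_dual
    echo 'client-cert-not-required'
}

for s in sample_dual sample_password_only; do
    echo "== $s"
    "$s" | check_dual_auth || echo "-> not dual authentication"
done
```

Run it against a real file with `check_dual_auth < server.conf`. The PAM service name it reports tells you which file under /etc/pam.d decides the login.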

