[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

[Openvpn-users] Announcing OpenVPN Auth-LDAP 2.0-beta2

  • Subject: [Openvpn-users] Announcing OpenVPN Auth-LDAP 2.0-beta2
  • From: Landon Fuller <landonf@xxxxxxxxxxxxxx>
  • Date: Mon, 21 Aug 2006 16:07:51 -0700

I'd like to announce the first public beta release of version 2.0 of our LDAP authentication plugin for OpenVPN[1] :

This release is a vast improvement on the rudimentary 1.0 plugin -- new features include: - Full support for LDAP search filters -- no more DN templates required.
	- Group-based access control. (rfc2307bis / LDAP)
- Integration with the OpenBSD Packet Filter. Can add and remove VPN clients to PF tables on connect/disconnect -- even on the basis of group membership. Tested on FreeBSD.
	- Easy to understand Apache-style configuration file.

I hope that this plugin will serve as a solid base for adding additional OpenVPN-specific LDAP features, such as the PF firewall integration.

This code should be fairly solid -- it has near 100% unit test coverage, has been subject to full regression testing, and has been rigorously tested for code errors and memory leaks under valgrind. The code also operates flawlessly inside of chrooted OpenVPN instance. We are currently using the module on our production VPN server.

Built with the distribution is an independent plugin driver that can be used to test the plugin and your configuration outside of OpenVPN. After you have built the plugin, the driver can be run as follows:
	./src/testplugin <config file>
Landon Fuller
Three Rings Design, Inc.

[1] Version 1.0 of this plugin was hosted on the OpenDarwin website:

Attachment: PGP.sig
Description: This is a digitally signed message part

Get stuff done quickly with pre-integrated technology to make your job easier
Openvpn-users mailing list