VPN - OpenVPN with LDAP authentication
Installation
yum install -y openvpn openvpn-auth-ldap
Configuration
Certificates
For generating the certificates, see the post VPN - Building a VPN with OpenVPN.
/etc/openvpn/server.conf
port 1194
proto tcp
dev tun
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/BJ.crt
key /etc/openvpn/easy-rsa/keys/BJ.key  # This file should be kept secret
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
server 172.16.100.0 255.255.255.0
ifconfig-pool-persist ipp.txt
duplicate-cn            # several concurrent sessions may share one username
keepalive 5 60
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
push "redirect-gateway def1 bypass-dhcp bypass-dns"
push "dhcp-option DNS 8.8.8.8"
# Hand the username/password the client sends to the LDAP plugin; %u is the username
plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-ldap.so "/etc/openvpn/auth/ldap.conf uid=%u "
client-cert-not-required   # clients are identified by LDAP credentials only, no client certificate
username-as-common-name
/etc/openvpn/auth/ldap.conf
<LDAP>
    # Directory connection and the service account used for the user search
    URL             ldaps://dir.example.com:636
    BindDN          uid=apps,ou=Operations,ou=People,dc=example,dc=com
    Password        changeme
    Timeout         15
    # TLSEnable controls StartTLS; the ldaps:// URL above already uses TLS
    TLSEnable       no
    FollowReferrals yes
</LDAP>

<Authorization>
    # %u is replaced by the username OpenVPN received from the client
    BaseDN          "dc=example,dc=com"
    SearchFilter    "(uid=%u)"
    # false: group membership is checked but not required for a successful login
    RequireGroup    false

    <Group>
        BaseDN          "ou=Groups,dc=example,dc=com"
        SearchFilter    "(|(cn=developers)(cn=artists))"
        MemberAttribute uniqueMember
    </Group>
</Authorization>
/etc/openldap/ldap.conf
Append the following line at the end; it makes the LDAP client accept the directory server's certificate without verifying it:
TLS_REQCERT never
Integration with bridge mode
openvpn-auth-ldap does not support bridge mode; it needs a patch before it works properly. See here for details.
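To show how the server.conf plugin line and the ldap.conf blocks above fit together, here is an added example (my own code, not the plugin's) that replays the lookup openvpn-auth-ldap performs, against a constructed in-memory directory: the username is substituted into the Authorization SearchFilter with RFC 4515 escaping, the search runs under BaseDN, the bind is simulated with the entry's password, and the Group block decides membership. The directory entries, passwords and the minimal filter evaluator are assumptions; the real plugin binds over the network and relies on the server's filter engine.

```python
"""Simulation of the openvpn-auth-ldap lookup configured above (added example, not plugin code)."""
import re

# Settings copied from the page's ldap.conf; %u stands for the username OpenVPN passes in.
CONFIG = {
    "user_base": "dc=example,dc=com",
    "user_filter": "(uid=%u)",
    "require_group": False,
    "group_base": "ou=Groups,dc=example,dc=com",
    "group_filter": "(|(cn=developers)(cn=artists))",
    "member_attr": "uniqueMember",
}

# Constructed directory (assumption, not real data): DN -> attribute values.
DIRECTORY = {
    "uid=alice,ou=People,dc=example,dc=com": {"uid": ["alice"], "userPassword": ["alice-pw"]},
    "uid=bob,ou=People,dc=example,dc=com": {"uid": ["bob"], "userPassword": ["bob-pw"]},
    "cn=developers,ou=Groups,dc=example,dc=com": {
        "cn": ["developers"], "uniqueMember": ["uid=alice,ou=People,dc=example,dc=com"]},
    "cn=artists,ou=Groups,dc=example,dc=com": {"cn": ["artists"], "uniqueMember": []},
}

# RFC 4515 escaping for values placed into a search filter.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Escape a username so it is matched literally rather than rewriting the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter(template, username):
    """Substitute %u in the configured SearchFilter with the escaped username."""
    return template.replace("%u", escape_filter_value(username))


def _unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def _split_subfilters(s):
    """Split "(a=1)(b=2)" into its parenthesised parts, honouring nesting."""
    parts, depth, start = [], 0, 0
    for i, ch in enumerate(s):
        if ch == "(":
            if depth == 0:
                start = i
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                parts.append(s[start:i + 1])
    return parts


def matches(entry, flt):
    """Minimal filter evaluator (assumption): equality, presence "*", and OR lists (|...)."""
    if not (flt.startswith("(") and flt.endswith(")")):
        raise ValueError("malformed filter: %r" % flt)
    body = flt[1:-1]
    if body.startswith("|"):
        return any(matches(entry, sub) for sub in _split_subfilters(body[1:]))
    attr, _, value = body.partition("=")
    if value == "*":                      # unescaped wildcard = presence test
        return attr in entry
    return _unescape(value) in entry.get(attr, [])


def search(base, flt):
    """Subtree search: DNs under base whose entry satisfies the filter."""
    return [dn for dn, attrs in DIRECTORY.items() if dn.endswith(base) and matches(attrs, flt)]


def authenticate(username, password, config=CONFIG):
    """Plugin sequence: locate the user DN, bind as it, then apply the Group block."""
    hits = search(config["user_base"], build_filter(config["user_filter"], username))
    if len(hits) != 1:
        return False, "user not found or ambiguous"
    user_dn = hits[0]
    # Simulated bind: the real plugin binds to the directory with user_dn and the password.
    if password not in DIRECTORY[user_dn].get("userPassword", []):
        return False, "bad password"
    groups = search(config["group_base"], config["group_filter"])
    in_group = any(user_dn in DIRECTORY[g].get(config["member_attr"], []) for g in groups)
    if config["require_group"] and not in_group:
        return False, "not in an allowed group"
    return True, "ok"


if __name__ == "__main__":
    print(authenticate("alice", "alice-pw"))                              # (True, 'ok')
    print(authenticate("bob", "bob-pw", dict(CONFIG, require_group=True)))  # group required
    print(build_filter(CONFIG["user_filter"], "*"))                        # (uid=\2a)
```

With the page's RequireGroup false, bob logs in although he is in neither group; flipping it to true turns the Group block into an access control, which is the setting most deployments want. The escaping step is what keeps a username such as `*` from becoming a presence test that matches the first entry under BaseDN.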
Reference link: https://openvpn.net/index.php/open-source/documentation/howto.html#pki
Article source:
Author: admin
Link: http://xdays.me/vpn-基于LDAP认证的openvpn.html