Solved

Ipcop OpenVPN & LDAP

Posted on 2010-08-15
Last Modified: 2012-05-10
How can I setup VPN using Ipcop with OpenVPN and have LDAP authentication, is this possible?

I believe it is possible using Endian, but was curious if it was possible using Ipcop and OpenVPN.

Thanks.
Question by:rnits
10 Comments
LVL 10

Expert Comment

by:pfrancois
ID: 33444991
Yes, it is possible: you have to install two addons on ipcop:

advproxy; see: http://www.advproxy.net/
openvpn (also called zerina): see http://www.zerina.de/

About IPCop addons, see webpage: http://www.ipcop.org/index-pn.php?module=pnWikka&func=history&tag=IPCopAddons

Author Comment

by:rnits
ID: 33445136
But can I use LDAP authentication when using OpenVPN, so the user uses the username/password that is on LDAP?

Thanks.
LVL 10

Expert Comment

by:pfrancois
ID: 33445201
What kind of identification do you want to do: identifying a user on the LAN to allow him access on the Internet?
Author Comment

by:rnits
ID: 33445227
Well, OpenVPN needs a user/password to get into the network. I want to authenticate this against the LDAP server.

Basically, authenticate users that log in using OpenVPN against the LDAP server.
LVL 10

Expert Comment

by:pfrancois
ID: 33445548
I understand in your case that the LDAP server is on the local LAN and that users want to connect to a remote VPN. So you use your local OpenVPN as a client for connecting to remote VPNs, not as a server for incoming connections from outside. Am I right? I suppose the IPCop is running locally.
Author Comment

by:rnits
ID: 33446259
So here is the diagram:

External Network (Red Network) --> IPCop Firewall/OpenVPN Server --> Internal Network (Green Network) --> LDAP Server (Windows 2k3 Server)

So the OpenVPN Client would connect to OpenVPN Server to get access to the Internal Network.
LVL 10

Expert Comment

by:pfrancois
ID: 33446621
Oh, I understand: you try to connect to the green network from outside. In that case, you don't need the LDAP server of advproxy. OpenVPN is enough.

But... as long as the tunnel is not open, you don't have access to the LDAP server. OpenVPN has its own system of authentication with certificates. As far as I know, you would have to authenticate twice: once for opening the VPN tunnel, normally with certificates (my VPN client connects transparently), and a second time with LDAP once you are on the green network through the VPN.

I fear the authentication of LDAP and VPN are not compatible.
Author Comment

by:rnits
ID: 33446868
Hence, I do not want to authenticate twice. That is my main problem. :)

I was hoping there was another way of setting up OpenVPN to authenticate only once.
LVL 10

Expert Comment

by:pfrancois
ID: 33447436
OpenVPN implies a very secure way of authentication, with encryption and certificates. LDAP is just checking a pair of username/password but offers no encrypted communication. LDAP is not strong enough for supporting the level of ssh tunneling implied by OpenVPN.

I propose two solutions:

a) use clients that authenticate in a user-transparent way, at least for the VPN part;

b) connect through LDAP without tunneling but simply by opening the corresponding port on IPCop (do NOT do that, it is very insecure).
Accepted Solution

by:rnits
ID: 33454213
So, here is what I found:

IPCop with OpenVPN can not authenticate with an LDAP server.