About This Page

Here you can find guidance on how to configure OpenVPN-AD-Check. We assume you already know the basic about OpenVPN configuration.

I think it is importante to remember you that, for while, I am developing/testing/minding Alpine Linux. Maybe it'll work on other Linux systems but the point is: I didn't test it in other system - yet.

About OpenVPN-AD-check

This project started with the need of authenticate OpenVPN users against Active Directory. But not only this, we had a need of give permissions to stablish the VPN only for some users. So, we had to search on a given group, even if the user is a valid one, if he/she is not in that group then he/she have no right to stablish VPN.

This is the goal of this project.


Before start configuring OpenVPN-AD-Check make sure the following packages are installed:

  • OpenVPN
  • Lua-LDAP
  • Git

Alpine Linux Comand:

# apk add openvpn lua-ldap git


Change directory to /etc/openvpn/, download the files and set the necessary permition. do this in command line:

# cd /etc/openvpn/
# git clone git:// openvpnadcheck
# cd openvpnadcheck/
# chmod a+x openvpnadcheck.lua

Configuring - OpenVPN-AD-check

Inside OpenVPN-AD-Check's directory you will find the configuration file named: openvpnadcheck.conf. There You'll need to configure only three variables:

The DNS name or IP address for Active Directory Server


The domain that your users belongs to


The group that your users must to be part of to be authorized to stablish a VPN


Configuring - OpenVPN (Server and Clients)

In OpenVPN's server side you'll need to add the following lines:

script-security 3
auth-user-pass-verify /etc/openvpn/openvpnadcheck/openvpnadcheck.lua via-env

In OpenVPN's client side you'll need to add the following line: