Documentation

About This Page

Here you can find guidance on how to configure OpenVPN-AD-Check. We assume you already know the basics of OpenVPN configuration.

I think it is important to remind you that, for now, I am developing and testing with Alpine Linux in mind. Maybe it'll work on other Linux systems, but the point is: I haven't tested it on any other system yet.

About OpenVPN-AD-check

This project started with the need to authenticate OpenVPN users against Active Directory. But not only that: we also needed to give permission to establish the VPN to only some users. So we had to search a given group: even if the user is a valid one, if he/she is not in that group then he/she has no right to establish the VPN.

This is the goal of this project.

Deps

Before you start configuring OpenVPN-AD-Check, make sure the following packages are installed:

  • OpenVPN
  • Lua-LDAP
  • Git

Alpine Linux command:

# apk add openvpn lua-ldap git

Downloading

Change directory to /etc/openvpn/, download the files and set the necessary permission. Do this on the command line:

# cd /etc/openvpn/
# git clone git://git.code.sf.net/p/openvpnadcheck/code openvpnadcheck
# cd openvpnadcheck/
# chmod a+x openvpnadcheck.lua

Configuring - OpenVPN-AD-check

Inside OpenVPN-AD-Check's directory you will find the configuration file, named openvpnadcheck.conf. There you'll need to configure only three variables:

The DNS name or IP address of the Active Directory server

AD_server="myadserver.domain.com"

The domain that your users belong to

AD_domain="myad.domain.com"

The group that your users must be part of to be authorized to establish a VPN

AD_dn="CN=VPN,OU=Groups,DC=domain,DC=com"

Configuring - OpenVPN (Server and Clients)

On the OpenVPN server side you'll need to add the following lines:

script-security 3
auth-user-pass-verify /etc/openvpn/openvpnadcheck/openvpnadcheck.lua via-env

On the OpenVPN client side you'll need to add the following line:

auth-user-pass
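
A pre-flight check for the configuration steps above, as an added example that is not part of the OpenVPN-AD-Check project. The function name check_setup, the server config path passed as second argument and the file-permission check are assumptions; the page names none of them.

```shell
#!/bin/sh
# Added example: pre-flight check for the setup described on this page.
# check_setup DIR SERVER_CONF prints each problem and returns their count.
# DIR is the openvpnadcheck directory; SERVER_CONF is the OpenVPN server
# config, whose path is an assumption (the page does not name the file).

check_setup() {
    dir=$1; server_conf=$2; problems=0
    conf="$dir/openvpnadcheck.conf"
    script="$dir/openvpnadcheck.lua"
    fail() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

    # The three variables from the page must each be set to a non-empty value.
    for var in AD_server AD_domain AD_dn; do
        grep -Eq "^[[:space:]]*$var=\"[^\"]+\"" "$conf" 2>/dev/null ||
            fail "$var is missing or empty in $conf"
    done

    # The documentation's sample host names must have been replaced.
    if grep -Eq 'myadserver\.domain\.com|myad\.domain\.com' "$conf" 2>/dev/null; then
        fail "$conf still contains the documentation's sample values"
    fi

    # OpenVPN has to be able to execute the verify script.
    [ -x "$script" ] || fail "$script is not executable"

    # The script decides who may connect, so neither it nor its config
    # should be writable by group or others (assumed hardening check).
    for f in "$script" "$conf"; do
        [ -e "$f" ] || continue
        if [ -n "$(find "$f" \( -perm -020 -o -perm -002 \))" ]; then
            fail "$f is writable by group or others"
        fi
    done

    # Server side: both directives from the page, ignoring commented-out lines.
    awk '$1 == "script-security" && $2 == 3 { ok = 1 } END { exit !ok }' \
        "$server_conf" 2>/dev/null || fail "script-security 3 not set in $server_conf"
    awk -v s="$script" \
        '$1 == "auth-user-pass-verify" && $2 == s && $3 == "via-env" { ok = 1 } END { exit !ok }' \
        "$server_conf" 2>/dev/null ||
        fail "auth-user-pass-verify does not call $script via-env"

    return "$problems"
}

# Run only when both paths are given on the command line.
if [ "$#" -eq 2 ]; then check_setup "$1" "$2"; fi
```

A return value of 0 means every check passed; any other value is the number of problems printed.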