Answer the question
In order to leave comments, you need to log in
What is the best way to implement a bunch of OpenVPN + Radius + Ldap?
Good afternoon! There is the following scheme:
There is a radius server + openldap authorization by poppy address + mikrotik, which gives ip from openldap.
The task was to deploy openvpn on mikrotike. Made.
Now the leader came up with a brilliant idea to tie openldap and mikrotik certificates + openvpn authorization through a radius to create a unified authorization system for various branches of the country.
That is, as I understand it, certificates and credentials for authorization (there is a flag for the radius in the PPP -> secrets section) should be taken from openldap. I did not find explicit attributes from the radius scheme for openldap, but there are kpiCA and pkiUser.
Now the actual question is how best to implement this scheme? Transfer openvpn to a full-fledged server? Is it possible to pull certificates from openldap? I will be glad to ideas and offers. Thanks
Answer the question
In order to leave comments, you need to log in
Best of all - a separate virtual machine with a VPN server.
Take FreeIPA as LDAP+RADIUS+Web Interface and openconnect instead of OpenVPN.
Openconnect is compatible with all mobile devices and the Cisco AnyConnect client.
Works on https and without certificates. Of course they can, but they don't have to.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question