openvpn
Dmitry Aitkulov, 2016-07-29 07:57:56

What is the best way to implement a combination of OpenVPN + RADIUS + LDAP?

Good afternoon! I have the following setup:
There is a RADIUS server + OpenLDAP with authorization by MAC address + a MikroTik, which hands out IPs from OpenLDAP.
The task was to deploy OpenVPN on the MikroTik. Done.
Now my manager has come up with a brilliant idea: to tie together OpenLDAP and MikroTik certificates + OpenVPN authorization through RADIUS, to create a unified authorization system for the various branches across the country.
That is, as I understand it, the certificates and credentials for authorization (there is a flag for RADIUS in the PPP -> Secrets section) should be taken from OpenLDAP. I did not find explicit attributes in the RADIUS schema for OpenLDAP, but there are pkiCA and pkiUser.
Now the actual question: how best to implement this scheme? Move OpenVPN to a full-fledged server? Is it possible to pull certificates from OpenLDAP? I will be glad of any ideas and suggestions. Thanks.

1 answer(s)
Vasily Pechersky, 2016-07-29
@Scarfase1989

Best of all - a separate virtual machine with a VPN server.
Take FreeIPA as LDAP+RADIUS+Web Interface and openconnect instead of OpenVPN.
Openconnect is compatible with all mobile devices and the Cisco AnyConnect client.
It works over HTTPS and without certificates. Of course, certificates can be used, but they don't have to be.
