Welcome, Guest. Please login or register.
Did you miss your activation email?
Saturday 28 December 2024, 12:12:24 am

Login with username, password and session length

CLICK HERE for the The official Endian Roadmap and Issue tracker
14262 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  VPN Support
| | |-+  OpenVPN authentication with certificates
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: OpenVPN authentication with certificates  (Read 26719 times)
tom0854
Jr. Member
*
Offline Offline

Posts: 1


« on: Saturday 28 April 2012, 07:49:02 am »

Hi all,
I've setup OpenVPN in Endian firewall "community edition" with x.509+PSK authentication. but I am having some weird behaviour, please correct me if I am wrong but my understanding of this type of authentication is that the user must provide their username and password as well as a valid certificate associated with that username. from reading through the Endian firewall reference manual my understanding is that the firewall has a "Server" certificate and the clients each have a certificate to connect. I have set-up a CA and signed a server and some client certificates using OpenVPN's guide using openSSL, that's all fine however when I'm connecting to the VPN using openVPN client I have noticed this strange and insecure behaviour described below.

Example:
I have 2 OpenVPN users, user1 and user2.
each user has a certificate signed by the CA with the username in the "Common Name" and the Netscape type is set to client.
they can both connect to the VPN using OpenVPN client with a configuration file that has the CA certificate, the user certificate, and the user private key. however I can connect to the VPN by using user1 certificates and user2 username and password,
this to me does not sound right, from how I understood the manual each user has their own personal certificate that is need to connect. I'm hoping that I have done something obviously wrong and any help would be greatly appreciated
Logged
andriser
Jr. Member
*
Offline Offline

Posts: 7


« Reply #1 on: Sunday 24 June 2012, 09:07:47 pm »

Hi all.

Sorry for my Enflish, I'm from Russia. I need help: please describe in more detail all the steps for configuring OpenVPN in Endian Firewall Community 2.5.1 with authentication "X.509 certificate + PSK (two factor)". Nowhere did I find such an instruction.!

And is it possible to somehow integrate OpenVPN with MS Active Directory? That is, authentication is to place a MS AD.

I would be very grateful!
Logged
kashifmax
Sr. Member
****
Offline Offline

Gender: Female
Posts: 108


« Reply #2 on: Sunday 24 June 2012, 09:38:40 pm »

Code:
Hi all. Sorry for my Enflish, I'm from Russia.
No problem  Wink at least you know how to type Grin

Code:
I need help: please describe in more detail all the steps for configuring OpenVPN in Endian Firewall Community 2.5.1 with authentication "X.509 certificate + PSK (two factor)". Nowhere did I find such an instruction.!
Honestly, I didn't tried this two factor authentication. I am using PSK.
Endian documentation.
http://docs.endian.com/vpn.html#openvpn-server

Code:
And is it possible to somehow integrate OpenVPN with MS Active Directory? That is, authentication is to place a MS AD.
Yes there is
http://www.securitywithpassion.com.au/index.php/VPN-Support/how-to-authenticate-openvpn-against-active-directory.html
Logged
andriser
Jr. Member
*
Offline Offline

Posts: 7


« Reply #3 on: Monday 25 June 2012, 02:01:37 pm »

kashifmax,

thank You very much!
Logged
andriser
Jr. Member
*
Offline Offline

Posts: 7


« Reply #4 on: Friday 29 June 2012, 04:30:27 pm »

I have successfully set up the OpenVPN-authentication "X.509 certificate + PSK (two factor)". If anyone wants to know more - please contact.

Now the next step - "Authenticate OpenVPN against Active Directory".
Logged
kashifmax
Sr. Member
****
Offline Offline

Gender: Female
Posts: 108


« Reply #5 on: Tuesday 03 July 2012, 06:58:34 pm »

Good work man  Cheesy
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.078 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com