Author Topic: OpenVPN and AD groups  (Read 11344 times)
Siddique
« on: Saturday 25 February 2012, 06:18:53 am »

Hi, I currently have three sites, two with physical locations and one cloud. We have our Endian servers at all sites and they are tied to our Active Directory.

Office 1 - VPN CAN
Office 2 - VPN IND
Cloud - VPN Global

The way we'd like to have it is that Office 1 only allows VPN CAN and Office 2 only allows VPN IND. We want to have both groups able to use the Cloud one via a nested group in Active Directory. So far I can't seem to get it to work. Below is a copy of my /var/efw/openvpn/settings file. Ideally we'd like to have 2 different OUs, but that didn't seem like something we could easily do.

AUTHENTICATION_STACK=ldap,local
AUTH_TYPE=psk
CLIENT_TO_CLIENT=on
DOMAIN={domain}
DROP_DHCP=on
GLOBAL_DNS={dns servers}
GLOBAL_NETWORKS={networks}
LDAP_BIND_DN={LDAP container}
LDAP_BIND_PASSWORD={password}
LDAP_URI=ldap://{primary ldap server}
LDAP_USER_BASEDN={Container with users}
LDAP_USER_SEARCHFILTER=(&(objectCategory=person)(objectClass=user)(sAMAccountName=%(u)s)(memberof=CN=VPN.CAN,OU=Groups-NonSecure,DC=Corp,DC=AwareBase,DC=net))
OPENVPN_ENABLED=on
PORT=1194
PROTOCOL=udp
PURPLECLIENT_BEGIN_DEVICE=tap2
PURPLE_DEVICE=tap0
PURPLE_IP_BEGIN={VPN IP Range Start}
PURPLE_IP_END={VPN IP Range End}
PURPLE_NET=
PUSH_DOMAIN=on
PUSH_GLOBAL_DNS=on
PUSH_GLOBAL_NETWORKS=on

Thanks,

Siddique
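
An added example, not part of the original post and not Endian's own code: it builds one LDAP_USER_SEARCHFILTER per site, using Active Directory's transitive-membership matching rule (OID 1.2.840.113556.1.4.1941) for the Cloud group so that members of nested groups match. It assumes the firewall passes the filter to the directory unchanged; the group CNs VPN.IND and VPN.Global are hypothetical, and only VPN.CAN and the group container come from the post.

```python
# Added example: per-site LDAP_USER_SEARCHFILTER values for the layout in the post.
IN_CHAIN = "1.2.840.113556.1.4.1941"  # AD LDAP_MATCHING_RULE_IN_CHAIN OID
GROUP_BASE = "OU=Groups-NonSecure,DC=Corp,DC=AwareBase,DC=net"  # from the post


def escape_filter_value(value):
    """Escape RFC 4515 special characters so a value cannot alter the filter."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )


def member_clause(group_cn, nested=False):
    """memberOf test; nested=True also matches membership through nested groups."""
    dn = "CN=%s,%s" % (group_cn, GROUP_BASE)
    rule = ":%s:" % IN_CHAIN if nested else ""
    return "(memberOf%s=%s)" % (rule, escape_filter_value(dn))


def search_filter(group_cn, nested=False):
    """Filter template; %(u)s is left in place for the VPN server to fill in."""
    return (
        "(&(objectCategory=person)(objectClass=user)"
        "(sAMAccountName=%(u)s)" + member_clause(group_cn, nested) + ")"
    )


def render(template, username):
    """Show the filter the directory would receive for one login name."""
    return template % {"u": escape_filter_value(username)}


# VPN.CAN is the group in the post; VPN.IND and VPN.Global are assumed CNs.
SITES = {
    "Office 1": search_filter("VPN.CAN"),
    "Office 2": search_filter("VPN.IND"),
    "Cloud": search_filter("VPN.Global", nested=True),
}

if __name__ == "__main__":
    for site, flt in SITES.items():
        print("%s: LDAP_USER_SEARCHFILTER=%s" % (site, flt))
    # Constructed login name with filter metacharacters, to show the escaping.
    print(render(SITES["Cloud"], "jdoe)(cn=*"))
```

A plain memberOf comparison only matches groups the user belongs to directly, which is why the Cloud filter carries the matching rule while the two office filters do not.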