Title: OpenVPN authentication with certificates Post by: tom0854 on Saturday 28 April 2012, 07:49:02 am Hi all,
I've setup OpenVPN in Endian firewall "community edition" with x.509+PSK authentication. but I am having some weird behaviour, please correct me if I am wrong but my understanding of this type of authentication is that the user must provide their username and password as well as a valid certificate associated with that username. from reading through the Endian firewall reference manual my understanding is that the firewall has a "Server" certificate and the clients each have a certificate to connect. I have set-up a CA and signed a server and some client certificates using OpenVPN's guide using openSSL, that's all fine however when I'm connecting to the VPN using openVPN client I have noticed this strange and insecure behaviour described below. Example: I have 2 OpenVPN users, user1 and user2. each user has a certificate signed by the CA with the username in the "Common Name" and the Netscape type is set to client. they can both connect to the VPN using OpenVPN client with a configuration file that has the CA certificate, the user certificate, and the user private key. however I can connect to the VPN by using user1 certificates and user2 username and password, this to me does not sound right, from how I understood the manual each user has their own personal certificate that is need to connect. I'm hoping that I have done something obviously wrong and any help would be greatly appreciated Title: Re: OpenVPN authentication with certificates Post by: andriser on Sunday 24 June 2012, 09:07:47 pm Hi all.
Sorry for my Enflish, I'm from Russia. I need help: please describe in more detail all the steps for configuring OpenVPN in Endian Firewall Community 2.5.1 with authentication "X.509 certificate + PSK (two factor)". Nowhere did I find such an instruction.! And is it possible to somehow integrate OpenVPN with MS Active Directory? That is, authentication is to place a MS AD. I would be very grateful! Title: Re: OpenVPN authentication with certificates Post by: kashifmax on Sunday 24 June 2012, 09:38:40 pm Code: Hi all. Sorry for my Enflish, I'm from Russia. Code: I need help: please describe in more detail all the steps for configuring OpenVPN in Endian Firewall Community 2.5.1 with authentication "X.509 certificate + PSK (two factor)". Nowhere did I find such an instruction.! Endian documentation. http://docs.endian.com/vpn.html#openvpn-server Code: And is it possible to somehow integrate OpenVPN with MS Active Directory? That is, authentication is to place a MS AD. http://www.securitywithpassion.com.au/index.php/VPN-Support/how-to-authenticate-openvpn-against-active-directory.html Title: Re: OpenVPN authentication with certificates Post by: andriser on Monday 25 June 2012, 02:01:37 pm kashifmax,
thank You very much! Title: Re: OpenVPN authentication with certificates Post by: andriser on Friday 29 June 2012, 04:30:27 pm I have successfully set up the OpenVPN-authentication "X.509 certificate + PSK (two factor)". If anyone wants to know more - please contact.
Now the next step - "Authenticate OpenVPN against Active Directory". Title: Re: OpenVPN authentication with certificates Post by: kashifmax on Tuesday 03 July 2012, 06:58:34 pm Good work man :D
|