ITNSA OpenVPN auth LDAP configuration
Before trying OpenVPN authentication against OpenLDAP, first make sure of the following:
1. Configure OpenVPN first so that the plain connection already works properly.
2. OpenLDAP is already installed and configured; make sure the user that will be used can already be queried:
ldapsearch
ldapwhoami
Adjust the commands above to your configuration.
Next, add the following configuration:
3. Install and configure OpenVPN auth OpenLDAP
#apt-get install openvpn-auth-ldap
#mkdir /etc/openvpn/auth
#cp /usr/share/doc/openvpn-auth-ldap/examples/auth-ldap.conf /etc/openvpn/auth
Edit /etc/openvpn/auth/auth-ldap.conf:
auth-ldap.conf file
<LDAP>
# LDAP server URL
URL ldap://192.168.1.112 ## Your IP LDAP server or Domain (make sure it's resolved)
# Bind DN (If your LDAP server doesn't support anonymous binds)
# BindDN uid=Manager,ou=People,dc=example,dc=com
BindDN cn=admin,dc=nusantara,dc=cloud
# Bind Password
Password Skill39
# Network timeout (in seconds)
Timeout 15
# Enable Start TLS
#TLSEnable yes ##disable this if not use TLS
# Follow LDAP Referrals (anonymously)
FollowReferrals yes
# TLS CA Certificate File
#TLSCACertFile /usr/local/etc/ssl/ca.pem
# TLS CA Certificate Directory
#TLSCACertDir /etc/ssl/certs
# Client Certificate and key
# If TLS client authentication is required
#TLSCertFile /usr/local/etc/ssl/client-cert.pem
#TLSKeyFile /usr/local/etc/ssl/client-key.pem
# Cipher Suite
# The defaults are usually fine here
# TLSCipherSuite ALL:!ADH:@STRENGTH
</LDAP>
<Authorization>
# Base DN
#BaseDN "ou=People,dc=example,dc=com"
BaseDN "ou=VPN,dc=nusantara,dc=cloud"
# User Search Filter
#SearchFilter "(&(uid=%u)(accountStatus=active))"
SearchFilter "(&(uid=%u))" ## This can be defined according to your LDAP server.
# Require Group Membership
RequireGroup false
# Add non-group members to a PF table (disabled)
#PFTable ips_vpn_users
#<Group>
#BaseDN "ou=Groups,dc=example,dc=com"
#SearchFilter "(|(cn=developers)(cn=artists))"
#MemberAttribute uniqueMember
# Add group members to a PF table (disabled)
#PFTable ips_vpn_eng
#</Group>
</Authorization>
Then add the following configuration line at the very bottom of server.conf on the OpenVPN server:
plugin /usr/lib/openvpn/openvpn-auth-ldap.so /etc/openvpn/auth/auth-ldap.conf
Next, configure the OpenVPN client.
Add the following configuration line to client.conf or client.ovpn:
auth-user-pass
Restart all OpenVPN services and test your connection again.
Troubleshooting steps:
1. Prepare patience and persistence
2. Check the configuration step by step
3. Check the log; on Debian, OpenVPN logs to /var/log/syslog by default
4. Cross-check between tutorials
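As an added check that is not part of the original tutorial: a small Python script that parses an auth-ldap.conf like the one above, flags the two settings that matter most for security in that file (an ldap:// URL with TLSEnable left commented out, and RequireGroup false), and builds the ldapsearch command that reproduces the plugin's user lookup for the pre-check in step 2. The embedded sample configuration, the test uid and the parser itself are my assumptions, modelled on the file shown here.

```python
import re
import shlex
# Constructed sample mirroring the tutorial's auth-ldap.conf (placeholder values, no live server).
SAMPLE_CONF = """<LDAP>
URL ldap://192.168.1.112 ## LDAP server
BindDN cn=admin,dc=nusantara,dc=cloud
Password Skill39
#TLSEnable yes
</LDAP>
<Authorization>
BaseDN "ou=VPN,dc=nusantara,dc=cloud"
SearchFilter "(&(uid=%u))"
RequireGroup false
</Authorization>
"""

def parse_auth_ldap(text):
    """Return {section: {key: value}}; '#' starts a comment, values may be double-quoted."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # also drops the tutorial's '## ...' notes
        m = re.fullmatch(r"<(/?)(\w+)>", line)
        if m:                                     # <Section> opens, </Section> closes
            section = m.group(2) if not m.group(1) else None
            if section: conf.setdefault(section, {})
        elif line and section:
            key, _, value = line.partition(" ")
            conf[section][key] = value.strip().strip('"')
    return conf

def findings(conf):
    """Weak settings a reviewer should flag before this file goes live."""
    out, ldap, authz = [], conf.get("LDAP", {}), conf.get("Authorization", {})
    if ldap.get("URL", "").startswith("ldap://") and ldap.get("TLSEnable") != "yes":
        out.append("ldap:// without TLSEnable: bind and user passwords cross the network in cleartext")
    if authz.get("RequireGroup", "false") != "true":
        out.append("RequireGroup false: every account matching SearchFilter may connect")
    return out

def escape_filter_value(value):  # RFC 4515 escaping so the test uid is matched literally
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)

def ldapsearch_cmd(conf, username):
    """Step 2 pre-check: the plugin's user lookup as ldapsearch; -W prompts for the bind password."""
    ldap, authz = conf["LDAP"], conf["Authorization"]
    filt = authz["SearchFilter"].replace("%u", escape_filter_value(username))
    return "ldapsearch -x -H {} -D {} -W -b {} {}".format(
        shlex.quote(ldap["URL"]), shlex.quote(ldap["BindDN"]),
        shlex.quote(authz["BaseDN"]), shlex.quote(filt))
```

Run the printed ldapsearch command against your own directory before enabling the plugin; if it returns no entry for a known uid, the BaseDN or SearchFilter is wrong and the VPN login will fail the same way.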
https://nciptandani.blogspot.com/2019/01/tips-troubleshooting-networksystems.html