[kwlug-disc] OpenVPN with multiple servers

John Van Ostrand john at netdirect.ca
Tue Dec 21 12:55:36 EST 2010


----- Original Message -----
> With respect to John's message: I think I am getting confused about
> authorization. I don't understand where/how OpenVPN servers authorize
> their clients.

Do you have openVPN configured to authorize via LDAP?

I found a how to (http://www.howtoforge.com/setting-up-an-openvpn-server-with-authentication-against-openldap-on-ubuntu-10.04-lts) that seems to cover your experience.

If you want to differentiate between users on ServerA and ServerB you can change this line in each of the server's openVPN configuration:

/etc/openvpn/auth/auth-ldap.conf:

SearchFilter    "(&(objectClass=mailUser)(accountStatus=active)(enabledService=vpn))"

Change the "enabledService=vpn" to something like "enabledService=server-a-vpn" and "enabledService=server-b-vpn". 

There are other solutions to this and many could involve changing this SearchFilter. If there is a more natural way of differeniating users (like all have some other attribute) then you could opt for that. The enabledService is good in that it's direct. In other words if you said that all entries with a "mail" attribute could auth with ServerA you might make a mistake latter by giving an mail attribute to someone who you don't want ServerA access.


-- 
John Van Ostrand 
CTO, co-CEO 
Net Direct Inc. 
564 Weber St. N. Unit 12, Waterloo, ON N2L 5C6 
Ph: 866-883-1172 x5102 
Fx: 519-883-8533 

Linux Solutions / IBM Hardware 




More information about the kwlug-disc_kwlug.org mailing list