[kwlug-disc] OpenVPN with multiple servers

John Van Ostrand john at netdirect.ca
Tue Dec 21 12:55:36 EST 2010


----- Original Message -----
> With respect to John's message: I think I am getting confused about
> authorization. I don't understand where/how OpenVPN servers authorize
> their clients.

Do you have openVPN configured to authorize via LDAP?

I found a how to (http://www.howtoforge.com/setting-up-an-openvpn-server-with-authentication-against-openldap-on-ubuntu-10.04-lts) that seems to cover your experience.

If you want to differentiate between users on ServerA and ServerB you can change this line in each server's openVPN configuration:

/etc/openvpn/auth/auth-ldap.conf:

SearchFilter    "(&(objectClass=mailUser)(accountStatus=active)(enabledService=vpn))"

Change the "enabledService=vpn" to something like "enabledService=server-a-vpn" and "enabledService=server-b-vpn". 

There are other solutions to this and many could involve changing this SearchFilter. If there is a more natural way of differentiating users (like all have some other attribute) then you could opt for that. The enabledService is good in that it's direct. In other words if you said that all entries with a "mail" attribute could auth with ServerA you might make a mistake later by giving a mail attribute to someone you don't want to have ServerA access.


-- 
John Van Ostrand 
CTO, co-CEO 
Net Direct Inc. 
564 Weber St. N. Unit 12, Waterloo, ON N2L 5C6 
Ph: 866-883-1172 x5102 
Fx: 519-883-8533 

Linux Solutions / IBM Hardware 
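The following is an added illustration, not code from the original post or from the OpenVPN/auth-ldap project. It evaluates a small subset of LDAP search-filter syntax (the `(&(a=b)(c=d))` form used in auth-ldap.conf, plus `|`, `!` and `attr=*` presence tests) against a handful of constructed directory entries, so you can see which users each server's SearchFilter admits. The entries, the `uid=...` names and the filters are all made up for the example; escaping of special characters in values and substring matching are not implemented. The last filter shows the "mail attribute" mistake described above: a user who merely has a mail address ends up authorized.

```python
import re
from typing import Dict, List, Set, Tuple, Union

# Constructed sample directory: DN -> {attribute (lowercased) -> set of values}.
# These are not real accounts; they exist only to exercise the filters below.
DIRECTORY: Dict[str, Dict[str, Set[str]]] = {
    "uid=alice": {"objectclass": {"mailUser"}, "accountstatus": {"active"},
                  "mail": {"alice@example.org"}, "enabledservice": {"mail", "server-a-vpn"}},
    "uid=bob":   {"objectclass": {"mailUser"}, "accountstatus": {"active"},
                  "mail": {"bob@example.org"}, "enabledservice": {"mail", "server-b-vpn"}},
    "uid=carol": {"objectclass": {"mailUser"}, "accountstatus": {"active"},
                  "mail": {"carol@example.org"}, "enabledservice": {"mail", "vpn"}},  # old value
    "uid=dave":  {"objectclass": {"mailUser"}, "accountstatus": {"disabled"},
                  "enabledservice": {"server-a-vpn"}},
    "uid=erin":  {"objectclass": {"mailUser"}, "accountstatus": {"active"},
                  "mail": {"erin@example.org"}},  # mail account, never granted VPN
}

# Per-server SearchFilter values as the post suggests (hypothetical names).
SERVER_A_FILTER = "(&(objectClass=mailUser)(accountStatus=active)(enabledService=server-a-vpn))"
SERVER_B_FILTER = "(&(objectClass=mailUser)(accountStatus=active)(enabledService=server-b-vpn))"
# The approach the post warns against: "anyone with a mail attribute may use ServerA".
LOOSE_FILTER = "(&(objectClass=mailUser)(accountStatus=active)(mail=*))"

Node = Union[Tuple[str, List["Node"]], Tuple[str, str, str]]


def parse_filter(text: str) -> Node:
    """Parse (&...), (|...), (!...) and (attr=value) into a small tree."""
    pos = 0

    def parse() -> Node:
        nonlocal pos
        if pos >= len(text) or text[pos] != "(":
            raise ValueError(f"expected '(' at offset {pos}")
        pos += 1
        op = text[pos]
        if op in "&|!":
            pos += 1
            children: List[Node] = []
            while pos < len(text) and text[pos] == "(":
                children.append(parse())
            if pos >= len(text) or text[pos] != ")":
                raise ValueError(f"expected ')' at offset {pos}")
            pos += 1
            if op == "!" and len(children) != 1:
                raise ValueError("'!' takes exactly one sub-filter")
            return (op, children)
        end = text.index(")", pos)
        m = re.fullmatch(r"([A-Za-z][A-Za-z0-9;-]*)=(.*)", text[pos:end])
        if not m:
            raise ValueError(f"bad simple filter: {text[pos:end]!r}")
        pos = end + 1
        # Attribute names are case-insensitive in LDAP; values are kept as written.
        return ("=", m.group(1).lower(), m.group(2))

    node = parse()
    if pos != len(text):
        raise ValueError("trailing characters after filter")
    return node


def matches(node: Node, entry: Dict[str, Set[str]]) -> bool:
    """Evaluate a parsed filter against one entry's attribute map."""
    op = node[0]
    if op == "&":
        return all(matches(c, entry) for c in node[1])
    if op == "|":
        return any(matches(c, entry) for c in node[1])
    if op == "!":
        return not matches(node[1][0], entry)
    _, attr, value = node
    values = entry.get(attr, set())
    if value == "*":          # presence test
        return bool(values)
    return value in values    # equality against a multi-valued attribute


def authorized_users(filter_text: str, directory: Dict[str, Dict[str, Set[str]]]) -> List[str]:
    """Return the sorted DNs a server with this SearchFilter would accept."""
    tree = parse_filter(filter_text)
    return sorted(dn for dn, entry in directory.items() if matches(tree, entry))


if __name__ == "__main__":
    for name, flt in [("ServerA", SERVER_A_FILTER), ("ServerB", SERVER_B_FILTER), ("loose", LOOSE_FILTER)]:
        print(f"{name}: {authorized_users(flt, DIRECTORY)}")
```

With the per-server values, alice reaches only ServerA and bob only ServerB; carol still carries the old `enabledService=vpn` and so matches neither until her entry is updated, and dave is excluded by `accountStatus`. The loose filter admits erin as well, purely because she has a mail address, which is the kind of accidental grant the post describes.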
