VPN configuration integrated with AD

NethServer Version: NS8
Module: samba

Is there any easy way to perform a VPN configuration on NS8? I have been searching this forum trying to find some examples, but all of them refer to versions 6 and 7.

Basically I would like to add these features below to NS8:

VPN Single SignOn with Samba AD - SambaWiki

Although WireGuard is a crucial part of NS8, there’s no official VPN module. But @mrmarkuz brought wg-easy:


Why do you want to terminate a VPN directly on the server? Why not on the gateway / firewall?

Thank you. I will try it.

I need the ability to define, using AD, which users can or cannot connect using VPN, and also for it to be possible to use the same username/password combination to authenticate.

Then tell your gateway / firewall to use the AD of the NS 8 for authentication.

Is it possible to do it using wg-easy?

This is necessary if you are using a KVM server with a hosting provider without access to a gateway.


Yes, capote. In many other scenarios too, it’s necessary to authenticate on the server.

Do you know how to make that integration?

I haven’t tried it yet because I need to solve basic problems like WordPress based on NGINX as a replacement for Apache.
But I am sure that @mrmarkuz could answer specific questions.
I would start by installing his module and then connect from an appliance like OPNSense.


No, WireGuard doesn’t authenticate to AD, it just uses keys.

That would be nice; at least freeradius and xl2tpd containers are required.


Do you know if there is someone in the forum that successfully implemented that setup?

No, but there’s an OpenVPN docker container.
It can be configured to use LDAP to connect to AD.
Do you need the L2TP VPN?

I think so because I want to use AD username and password.

That’s also possible with OpenVPN because it supports AD for authentication.

I will have to install a test environment to try to configure it because I have had no success in my tests.
