VPN / openvpn-auth-ldap

NethServer Version: 7.9.2009
Module: VPN 1.7.2

Dear all, is there a best practice to get openvpn-auth-ldap working with NethServer?

Thanks to all.

NethServer uses openvpn-auth-pam, do you really need openvpn-auth-ldap?

Steps to configure a Roadwarrior VPN with LDAP users:

Just enable the Roadwarrior server and add wanted system users, default settings should work.


Thanks for the hint. I’m just moving, or trying to move, a years-old handmade config of some servers to a NethServer instance.

There I normally manage all those things via AD groups in my own Samba4 AD. There was one VPN certificate per business unit, and then they have to be in the right AD group to join the VPN or not, so I could install the PCs all with the same config, and whenever it is needed one can get VPN by AD.

So now I joined NethServer to that ADC and installed the VPN module, but I don’t find a possibility to use a group; I ‘only’ have the possibility to add every user one by one, which can be a large amount of clicks …

So yes, I would prefer [openvpn-auth-ldap], or maybe I missed some configuration possibility?

No, it’s not possible to add groups to the VPN in the server manager. Instead of adding the user to the AD group you need to add it to the VPN.

I think it could be scripted, like iterating through the users of a given group and adding/removing them to/from the VPN config.

You can find the VPN system users in the vpn database, see also databases.

db vpn show

To add a system user to the vpn:

db vpn set user@domain vpn-user OpenVpnIp '' VPNRemoteNetmask '' VPNRemoteNetwork '' status enabled

Any tutorial for CentOS 7 should work.
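
The group sync suggested earlier in the thread (iterate through the users of a given group and add or remove them in the vpn database), as an added example that is not part of the original posts. It assumes `getent group` returns the AD group's members in the same `user@domain` form used as vpn database keys, and that the `keys`, `gettype` and `delete` subcommands of `db` are available; the group name is constructed. It does a dry run unless `apply` is passed, and it refuses to remove anyone when the directory lookup fails or returns no members.

```shell
# Added example: mirror one AD group into the NethServer vpn database.
# Assumptions: getent lists members as user@domain; `db vpn keys`,
# `gettype` and `delete` are the e-smith db subcommands; names are constructed.

# Members of the group, one per line. Fails when the lookup itself fails,
# so an unreachable directory is not mistaken for an empty group.
group_members() {
    line=$(getent group "$1") || return 1
    printf '%s\n' "$line" | cut -d: -f4 | tr ',' '\n' | sed '/^$/d'
}

# Keys in the vpn database whose record type is vpn-user.
vpn_users() {
    for key in $(db vpn keys); do
        if [ "$(db vpn gettype "$key")" = "vpn-user" ]; then
            printf '%s\n' "$key"
        fi
    done
}

# Pure diff of $1 (wanted) vs $2 (current), newline-separated; prints sorted "add <user>" / "del <user>".
plan_sync() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        $0 == "---" { second = 1; next }
        $0 == ""    { next }
        !second     { want[$0] = 1; next }
                    { have[$0] = 1 }
        END {
            for (u in want) if (!(u in have)) print "add " u
            for (u in have) if (!(u in want)) print "del " u
        }' | sort
}

# Usage: sync_vpn_group 'vpnusers@ad.example.org' [apply]   (dry run by default)
sync_vpn_group() {
    group=$1; mode=${2:-dry-run}
    members=$(group_members "$group") || { echo "lookup of $group failed, nothing changed" >&2; return 1; }
    [ -n "$members" ] || { echo "$group has no members, refusing to remove every VPN user" >&2; return 1; }
    plan_sync "$members" "$(vpn_users)" | while read -r action user; do
        echo "$action $user"
        [ "$mode" = "apply" ] || continue
        case $action in
            add) db vpn set "$user" vpn-user OpenVpnIp '' VPNRemoteNetmask '' VPNRemoteNetwork '' status enabled ;;
            del) db vpn delete "$user" ;;
        esac
    done
}

if [ $# -gt 0 ]; then sync_vpn_group "$@"; fi
```

Every `vpn-user` record that is not in the group is planned for removal, including ones added by hand, so review the dry-run output before passing `apply`.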