- Ubuntu 20.04透過自動腳本安裝OpenVPN Server
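# Download the installer over HTTPS only. --fail makes curl exit non-zero on an
# HTTP error instead of saving the error page as openvpn-install.sh; the
# execute bit is set only when the download succeeded.
# NOTE(review): the URL tracks the moving "master" branch. Read the script
# before running it with root privileges, and consider replacing "master" with
# a commit you have reviewed (<REVIEWED_COMMIT_SHA> is a placeholder).
curl --fail --proto '=https' --tlsv1.2 -O https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh \
  && chmod +x openvpn-install.sh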
執行自動腳本,安裝過程會產生OpenVPN客戶端配置文件。
# Run the downloaded installer; per the note above, the installation produces
# the OpenVPN client configuration file.
# NOTE(review): presumably this is run from a root shell or via sudo — confirm.
./openvpn-install.sh
設定開機自動執行OpenVPN Server
# Service management reference: enable at boot, show status, restart, start,
# stop. These are individual commands, not a sequence to run top to bottom
# (the last one leaves the VPN server stopped).
# NOTE(review): on Debian/Ubuntu the tunnel defined by /etc/openvpn/server.conf
# usually runs as the instance unit openvpn@server; check that unit's status
# and journal when diagnosing — confirm for this install.
sudo systemctl enable openvpn
sudo systemctl status openvpn
sudo systemctl restart openvpn
sudo systemctl start openvpn
sudo systemctl stop openvpn
於Windows 10客戶端上安裝OpenVPN客戶端Community Edition
匯入OpenVPN客戶端配置文件即可連線成功
- OpenVPN Server整合Windows AD認證
安裝OpenVPN LDAP package
# Installs the LDAP authentication plugin; server.conf loads it from
# /usr/lib/openvpn/openvpn-auth-ldap.so with the "plugin" directive.
sudo apt install openvpn-auth-ldap
複製LDAP設定檔
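# /etc/openvpn is root-owned and the auth/ subdirectory may not exist yet, so
# create it and copy the example file with sudo.
sudo mkdir -p /etc/openvpn/auth
sudo cp -v /usr/share/doc/openvpn-auth-ldap/examples/auth-ldap.conf /etc/openvpn/auth/auth-ldap.conf
# The file will hold the LDAP bind password; keep it readable by root only.
sudo chmod 600 /etc/openvpn/auth/auth-ldap.conf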
修改LDAP設定檔
# Edit the plugin configuration. The file stores the directory bind password
# in clear text, so it should stay root-owned and not world-readable.
sudo vi /etc/openvpn/auth/auth-ldap.conf
# Excerpt: only the values changed from the example file are listed.
# NOTE(review): ldap:// together with "TLSEnable no" sends the bind password
# and every VPN user's password to the directory server unencrypted. Prefer
# ldaps:// or "TLSEnable yes" with the directory's CA certificate configured
# (TLSCACertFile <PATH_TO_AD_CA_CERT>, placeholder path).
URL ldap://x.x.x.x
# Account the plugin binds as to search for users.
# NOTE(review): confirm this is a dedicated low-privilege service account.
BindDN "CN=openvpn,CN=xxx,DC=xxx,DC=xxx,DC=xxx,DC=xxx,DC=xxx"
# Stored in clear text; restrict this file to root (e.g. mode 600).
Password xxx
TLSEnable no
# Subtree searched for user entries.
BaseDN "CN=xxx,DC=xxx,DC=xxx,DC=xxx,DC=xxx,DC=xxx"
# %u is replaced with the username supplied by the VPN client; it is matched
# against the cn attribute here.
# NOTE(review): AD logon names normally live in sAMAccountName — confirm that
# matching on cn is intended.
SearchFilter "(cn=%u)"
修改OpenVPN伺服器端配置文件
# Edit the server configuration; the directives listed after this command are
# the lines changed or added for LDAP authentication. Restart the OpenVPN
# service afterwards so they take effect.
sudo vi /etc/openvpn/server.conf
# Excerpt of the directives changed or added in server.conf.
# NOTE(review): with user/group commented out the daemon does not drop
# privileges and keeps running as root after start-up, presumably so the
# plugin or the connect/disconnect scripts keep working — confirm this is
# required, since any flaw in the daemon or the scripts then runs as root.
#user nobody
#group nogroup
# DNS servers and routes offered to clients. A client that sets route-nopull
# ignores pushed routes (and, per the OpenVPN manual, pushed DNS options).
push "dhcp-option DNS 140.110.16.1"
push "dhcp-option DNS 140.110.4.1"
# Asks clients to send all traffic through the tunnel.
push "redirect-gateway def1 bypass-dhcp"
push "route 10.100.0.0 255.255.0.0"
status /var/log/openvpn/status.log
verb 3
# log-append keeps earlier entries across restarts; "log" would truncate the
# file on each start.
#log /var/log/openvpn/openvpn.log
log-append /var/log/openvpn/openvpn.log
# Username/password sent by the client is verified by the LDAP plugin using
# the settings in auth-ldap.conf.
plugin /usr/lib/openvpn/openvpn-auth-ldap.so /etc/openvpn/auth/auth-ldap.conf
# Left commented out, so clients must still present a valid certificate in
# addition to their directory credentials.
#client-cert-not-required
# Scripts executed when a client connects or disconnects.
# NOTE(review): user-defined scripts need "script-security 2", which is not
# shown in this excerpt — confirm it is set. The scripts run with the daemon's
# privileges (root here), so they should be root-owned and not writable by
# other users.
client-connect /etc/openvpn/script/connect.sh
client-disconnect /etc/openvpn/script/disconnect.sh
# Allows several simultaneous sessions that present the same certificate CN.
# NOTE(review): if one client profile is shared, the certificate no longer
# identifies a person; per-user identity and revocation then rest on the
# directory account alone.
duplicate-cn
修改OpenVPN客戶端配置文件
# Excerpt of the directives changed or added in the client profile.
# Prompt for a username and password; the server checks them through its
# LDAP plugin.
auth-user-pass
client
proto udp
# Notify the server when the client exits (relevant for UDP).
explicit-exit-notify
# Lets clients that do not know block-outside-dns skip it instead of failing.
ignore-unknown-option block-outside-dns
# NOTE(review): with block-outside-dns disabled, a Windows client may send DNS
# queries over adapters outside the tunnel — confirm this is acceptable for
# the split-tunnel setup configured here.
#setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
# Ignore routes pushed by the server (including redirect-gateway); per the
# OpenVPN manual this also ignores pushed DNS options.
route-nopull
# Only this network is routed through the VPN; other traffic uses the
# client's normal gateway.
route 10.100.0.0 255.255.0.0 vpn_gateway
參考:https://medium.com/@hiranadikari993/openvpn-active-directory-authentication-726f3bac3546