Saturday, September 17, 2022

Installing OpenVPN on Ubuntu 20.04 with Windows AD authentication integration

  • Installing OpenVPN Server on Ubuntu 20.04 with the automated script

curl -O https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh

chmod +x openvpn-install.sh

Run the automated script; during installation it generates the OpenVPN client configuration file.

./openvpn-install.sh

Set OpenVPN Server to start automatically at boot

sudo systemctl enable openvpn

sudo systemctl status openvpn

sudo systemctl restart openvpn

sudo systemctl start openvpn

sudo systemctl stop openvpn

Reference: https://2error.net/zh-hant/%E5%A6%82%E4%BD%95%E5%9C%A8-ubuntu-20-04-%E4%B8%AD%E5%AE%89%E8%A3%9D-openvpn

Install the OpenVPN Community Edition client on the Windows 10 client

Import the OpenVPN client configuration file and the connection succeeds

  • Integrating OpenVPN Server with Windows AD authentication

Install the OpenVPN LDAP package

sudo apt install openvpn-auth-ldap

Copy the LDAP configuration file

cp -v /usr/share/doc/openvpn-auth-ldap/examples/auth-ldap.conf /etc/openvpn/auth/auth-ldap.conf

Edit the LDAP configuration file

sudo vi /etc/openvpn/auth/auth-ldap.conf

URL ldap://x.x.x.x

BindDN "CN=openvpn,CN=xxx,DC=xxx,DC=xxx,DC=xxx,DC=xxx,DC=xxx"

Password xxx

TLSEnable no

BaseDN "CN=xxx,DC=xxx,DC=xxx,DC=xxx,DC=xxx,DC=xxx"

SearchFilter "(cn=%u)"

Edit the OpenVPN server-side configuration file

sudo vi /etc/openvpn/server.conf

#user nobody

#group nogroup

push "dhcp-option DNS 140.110.16.1"

push "dhcp-option DNS 140.110.4.1"

push "redirect-gateway def1 bypass-dhcp"

push "route 10.100.0.0 255.255.0.0"

status /var/log/openvpn/status.log

verb 3

#log /var/log/openvpn/openvpn.log

log-append /var/log/openvpn/openvpn.log

plugin /usr/lib/openvpn/openvpn-auth-ldap.so /etc/openvpn/auth/auth-ldap.conf

#client-cert-not-required

client-connect /etc/openvpn/script/connect.sh

client-disconnect /etc/openvpn/script/disconnect.sh

duplicate-cn
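The server configuration above points client-connect and client-disconnect at /etc/openvpn/script/connect.sh and disconnect.sh but does not show them. As an added example (not the blog author's script), here is a POSIX sh audit hook that can serve both directives, using the variables OpenVPN exports to those scripts; the log path and the VPN_AUDIT_LOG override are assumptions. With duplicate-cn and a shared client certificate, common_name no longer identifies a person, so consider adding username-as-common-name to server.conf, which makes OpenVPN substitute the LDAP-authenticated username.

```shell
#!/bin/sh
# Example audit hook for the client-connect / client-disconnect directives.
# Assumed install path: /etc/openvpn/script/connect.sh (disconnect.sh can be a
# symlink to it); OpenVPN reports which event fired in the script_type variable.
# VPN_AUDIT_LOG is an assumed, optional override; the default path is constructed.
LOGFILE="${VPN_AUDIT_LOG:-/var/log/openvpn/audit.log}"

# Keep only a safe character set so an odd certificate CN cannot forge extra
# lines or fields in the audit log.
sanitize() {
    printf '%s' "$1" | tr -cd 'A-Za-z0-9._@-'
}

# Build one audit line from the variables OpenVPN exports to connect/disconnect
# scripts: common_name, trusted_ip, trusted_port, ifconfig_pool_remote_ip and,
# on disconnect, time_duration, bytes_received and bytes_sent.
vpn_event_line() {
    event="${1:-${script_type:-unknown}}"
    ts=$(date -u +%Y-%m-%dT%H:%M:%SZ)
    cn=$(sanitize "${common_name:-unknown}")
    line="$ts event=$event cn=$cn src=${trusted_ip:-?}:${trusted_port:-?} vpn_ip=${ifconfig_pool_remote_ip:-?}"
    if [ "$event" = "client-disconnect" ]; then
        line="$line duration=${time_duration:-0}s rx=${bytes_received:-0} tx=${bytes_sent:-0}"
    fi
    printf '%s\n' "$line"
}

# When invoked by OpenVPN, append the line. Logging failures are swallowed so a
# full disk never turns into a rejected login (a non-zero exit status from a
# client-connect script makes OpenVPN drop the client).
case "${script_type:-}" in
    client-connect|client-disconnect)
        vpn_event_line "$script_type" >> "$LOGFILE" 2>/dev/null || true ;;
esac
```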

Edit the OpenVPN client configuration file

auth-user-pass

client

proto udp

explicit-exit-notify

ignore-unknown-option block-outside-dns

#setenv opt block-outside-dns # Prevent Windows 10 DNS leak

verb 3

route-nopull

route 10.100.0.0 255.255.0.0 vpn_gateway

Reference: https://medium.com/@hiranadikari993/openvpn-active-directory-authentication-726f3bac3546

