How to enable TLS on ovpn and AD servers

JalenLuettgen
OpenVpn Newbie
Posts: 1
Joined: Thu Jan 11, 2024 6:21 am

How to enable TLS on ovpn and AD servers

Post by JalenLuettgen » Thu Jan 11, 2024 6:27 am

I have successfully installed OpenVPN Access Server (AS) and configured LDAP with Microsoft Active Directory. Everything appears to be functioning correctly. However, I now want to establish an encrypted connection to the Active Directory server.

When I enable TLS on the OpenVPN server, it doesn't work as expected. I have been unable to find any tutorials or guides that provide clear instructions on how to set up the necessary configurations on both the OpenVPN server and the Active Directory.

Could you please provide guidance on what needs to be set up on the OpenVPN server and the Active Directory server to enable an encrypted connection? I would greatly appreciate any assistance or suggestions you can provide, as I am currently unable to find any relevant resources or tutorials.

Fadim
OpenVPN User
Posts: 40
Joined: Mon May 15, 2023 12:14 pm

Re: How to enable TLS on ovpn and AD servers

Post by Fadim » Thu Jan 11, 2024 9:34 am

For enabling TLS, start by generating a TLS key using the easy-rsa tools in OpenVPN. Then, incorporate this key into your OpenVPN server's configuration file. On the Active Directory side, make sure it's set up for LDAP over SSL (LDAPS), which requires a valid certificate. This could be either from a Certificate Authority or a self-signed one that you'll also need to import into the OpenVPN server's trust store. Additionally, ensure that both servers' network settings and firewalls allow LDAPS traffic, which usually goes over port 636.
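Added example, not part of any post in this thread: a Python check, run from the Access Server host, that tests what the reply above lists for LDAPS (port 636 reachable, the listener speaks TLS, and the certificate chains to the CA you imported and matches the hostname). The function name `check_ldaps`, the status names, and the hostname and CA path in the usage lines are assumptions made for this example.

```python
import socket
import ssl

# What each outcome usually means for the setup described in this thread.
HINTS = {
    "ok": "chain and hostname verified; LDAPS is usable with this CA file",
    "unreachable": "nothing answered; check firewalls and routing for TCP 636",
    "tls_failed": "port answered but did not speak TLS; LDAPS is not enabled there",
    "cert_rejected": "certificate not trusted or name mismatch; import the issuing "
                     "CA (or the self-signed cert) and connect by the name in the cert",
}

def check_ldaps(host, port=636, ca_file=None, timeout=5.0):
    """Attempt a verified TLS handshake; return (status, detail)."""
    # ca_file: PEM with the CA or self-signed cert to trust (None = system store).
    ctx = ssl.create_default_context(cafile=ca_file)  # chain + hostname checks on
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                return "ok", f"{tls.version()}, expires {cert['notAfter']}"
    except ssl.SSLCertVerificationError as exc:
        return "cert_rejected", exc.verify_message
    except ssl.SSLError as exc:          # e.g. plain LDAP listener on this port
        return "tls_failed", str(exc)
    except OSError as exc:               # refused, timed out, DNS failure
        return "unreachable", str(exc)

if __name__ == "__main__":
    # Placeholder hostname and CA path; substitute your own values.
    status, detail = check_ldaps("dc01.example.internal", 636, "ad-ca.pem")
    print(f"{status}: {detail}\n-> {HINTS[status]}")
```

Connect using the same name that appears in the domain controller's certificate; connecting by IP address will normally be reported as `cert_rejected` even when the CA is trusted.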

openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: How to enable TLS on ovpn and AD servers

Post by openvpn_inc » Wed Feb 07, 2024 4:29 pm

Hello,

You can follow the below guide:

https://openvpn.net/vpn-server-resource ... n-optional

And this one as well (Focus on the SSL LDAP Section):

https://openvpn.net/vpn-server-resource ... n-commands


Best Regards,

DynamoX
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

Katbergstrom
OpenVpn Newbie
Posts: 2
Joined: Tue Mar 19, 2024 4:33 pm

Re: How to enable TLS on ovpn and AD servers

Post by Katbergstrom » Wed Mar 27, 2024 1:13 pm

To enable TLS, begin by generating a TLS key using the easy-rsa tools within OpenVPN. Next, integrate this key into your OpenVPN server's configuration file. On the Active Directory side, ensure it's configured for LDAP over SSL (LDAPS), necessitating a valid certificate. This certificate can be obtained from a Certificate Authority or self-signed, but you'll also need to import it into the OpenVPN server's trust store. Furthermore, verify that both servers' network settings and firewalls permit LDAPS traffic, typically transmitted over port 636.
