I'm trying to work through this step by step, and I'm running into problems with the LDAP configuration.
Somehow, this server will let me on irrespective of what I type as the password in the client.
# openvpn-auth-ldap plugin configuration. Loaded by the server's
# "plugin ... openvpn-auth-ldap.so ldap.config" line, so every login
# passes through here before the OTP plugin sees it.
<LDAP>
# ldaps:// is TLS from the first byte; the TLSEnable switch below is the
# StartTLS option and is correctly left off for an ldaps:// URL.
URL "ldaps://ldaps.########.###"
# Service account used for the directory search only (UPN form, which AD
# accepts). The user's own password is presumably checked by a separate
# bind as the DN that the search returns -- confirm against the plugin docs.
BindDN "openvpnldap@#######.###"
Password "##############"
Timeout 60
TLSEnable no
FollowReferrals yes
# CA directory used to verify the ldaps:// server certificate; without a
# usable CA here the TLS session is unverified.
TLSCACertDir /etc/ssl/certs
</LDAP>
<Authorization>
# PasswordIsCR true: the plugin expects the password field in OpenVPN's
# challenge/response (SCRV1) encoding and pulls the static password out of
# it. The OTP plugin on the server is started with password_is_cr=1 as well,
# so both plugins decode the same field -- check that a client which does
# not send SCRV1 is rejected rather than handed on with an empty password.
# NOTE(review): "any password is accepted" is the classic symptom of an
# empty password reaching the directory: Active Directory treats a bind
# with a DN and an empty password as an unauthenticated bind (RFC 4513,
# section 5.1.2) and reports success. Raise the plugin's logging, watch the
# password length it binds with, and test an empty password explicitly.
PasswordIsCR true
# Search base for the (mail=%u) lookup; %u is the username the client sent.
BaseDN "OU=AADDC Users,DC=olmgroup,DC=com"
SearchFilter "(mail=%u)"
# No group gate: any account under BaseDN that matches the filter may
# connect once its bind succeeds. Set a RequireGroup block if access
# should be limited to a VPN group.
RequireGroup false
</Authorization>
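# OpenVPN server configuration. Authentication is delegated to two plugins
# (LDAP then OTP) further down; the TLS material below only identifies the
# server and the control channel.
port 1194
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh.pem
# CBC mode with a separate HMAC; an AEAD cipher (AES-256-GCM) avoids the
# separate MAC step, but changing it must be coordinated with all clients.
cipher AES-256-CBC
auth SHA512
server 10.8.0.0 255.255.255.0
push "route 10.160.0.0 255.255.0.0"
#push "route 10.160.1.0 255.255.255.0"
keepalive 10 120
# Compression on a VPN tunnel lets an attacker who can inject chosen
# plaintext learn secrets from packet sizes (VORACLE class); drop this
# unless clients genuinely need it.
comp-lzo
persist-key
persist-tun
status openvpn-status.log
status-version 2
verb 4
reneg-sec 36000
tls-server
# Scratch directory the auth plugins use for deferred-auth control files.
tmp-dir "/etc/openvpn/tmp/"
# Plugins run in the order listed: LDAP checks the password part of the
# SCRV1 field, then the OTP plugin checks the response part. Both must
# accept the login; a misparse in either is the first place to look when
# arbitrary passwords are accepted.
plugin /usr/lib/openvpn/openvpn-auth-ldap.so ldap.config
# debug=1 makes the OTP plugin log per-login detail into the server log;
# turn it off once the setup works. otp-secrets holds the shared secrets
# and must stay readable by the OpenVPN user only.
plugin /usr/lib/openvpn/openvpn-otp.so "debug=1 password_is_cr=1 otp_secrets=/etc/openvpn/auth/otp-secrets"
log-append /var/log/openvpn/openvpn.log
#duplicate-cn
# ifconfig-pool-persist was listed twice (once as the relative "ipp.txt");
# keep the single absolute path so the lease file does not depend on the
# daemon's working directory.
ifconfig-pool-persist "/etc/openvpn/ipp.txt"
# No password file is given as the third argument, so anything that can
# reach localhost:5555 gets an unauthenticated management session. Add a
# pw-file argument or restrict access to the socket.
management localhost 5555
# The LDAP username becomes the common name used for status, routing and
# ccd lookups, so two sessions with the same username collide unless
# duplicate-cn is enabled.
username-as-common-name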