How to enable TLS on ovpn and AD servers

Posted: Thu Jan 11, 2024 6:27 am
by JalenLuettgen
I have successfully installed OpenVPN Access Server (AS) and configured LDAP with Microsoft Active Directory. Everything appears to be functioning correctly. However, I now want to establish an encrypted connection to the Active Directory server.

When I enable TLS on the OpenVPN server, it doesn't work as expected. I have been unable to find any tutorials or guides that provide clear instructions on how to set up the necessary configurations on both the OpenVPN server and the Active Directory.

Could you please provide guidance on what needs to be set up on the OpenVPN server and the Active Directory server to enable an encrypted connection? I would greatly appreciate any assistance or suggestions you can provide, as I am currently unable to find any relevant resources or tutorials.

Re: How to enable TLS on ovpn and AD servers

Posted: Thu Jan 11, 2024 9:34 am
by Fadim
For enabling TLS, start by generating a TLS key using the easy-rsa tools in OpenVPN. Then, incorporate this key into your OpenVPN server's configuration file. On the Active Directory side, make sure it's set up for LDAP over SSL (LDAPS), which requires a valid certificate. This could be either from a Certificate Authority or a self-signed one that you'll also need to import into the OpenVPN server's trust store. Additionally, ensure that both servers' network settings and firewalls allow LDAPS traffic, which usually goes over port 636.

Re: How to enable TLS on ovpn and AD servers

Posted: Wed Feb 07, 2024 4:29 pm
by openvpn_inc
Hello,

You can follow the below guide:

https://openvpn.net/vpn-server-resource ... n-optional

And this one as well (Focus on the SSL LDAP Section):

https://openvpn.net/vpn-server-resource ... n-commands


Best Regards,

DynamoX

Re: How to enable TLS on ovpn and AD servers

Posted: Wed Mar 27, 2024 1:13 pm
by Katbergstrom
To enable TLS, begin by generating a TLS key using the easy-rsa tools within OpenVPN. Next, integrate this key into your OpenVPN server's configuration file. On the Active Directory side, ensure it's configured for LDAP over SSL (LDAPS), necessitating a valid certificate. This certificate can be obtained from a Certificate Authority or self-signed, but you'll also need to import it into the OpenVPN server's trust store. Furthermore, verify that both servers' network settings and firewalls permit LDAPS traffic, typically transmitted over port 636.
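
An added example, not part of any post in this thread and not OpenVPN's own tooling: a Python check to run from the Access Server host that separates the failure modes the replies touch on (port 636 not reachable, the domain controller's certificate not chaining to an imported CA, or a name mismatch). The host name `dc01.example.internal` and the CA file argument are placeholders.

```python
import socket
import ssl
import sys


def build_context(ca_file=None):
    """Verifying client context; ca_file=None falls back to the system trust store."""
    return ssl.create_default_context(cafile=ca_file)


def classify(exc):
    """Map a connection error to the setup step it points at."""
    if isinstance(exc, ssl.SSLCertVerificationError):
        msg = getattr(exc, "verify_message", "") or ""
        # Chain is trusted but the name used to connect is not in the certificate.
        if "mismatch" in msg.lower():
            return "name-mismatch"
        # Issuing CA (or the self-signed cert) is not trusted here, or the cert expired.
        return "untrusted-cert"
    if isinstance(exc, ssl.SSLError):
        return "tls-handshake"   # port answers but does not complete TLS
    return "unreachable"         # DNS, routing, firewall or closed port


def check_ldaps(host, port=636, ca_file=None, timeout=5.0):
    """Return (status, detail) for a verified TLS handshake with the LDAPS port."""
    ctx = build_context(ca_file)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                return "ok", f"{tls.version()}, certificate valid until {cert['notAfter']}"
    except OSError as exc:
        return classify(exc), str(exc)


if __name__ == "__main__":
    # Placeholders: pass the DC's FQDN and the CA file you imported.
    host = sys.argv[1] if len(sys.argv) > 1 else "dc01.example.internal"
    ca = sys.argv[2] if len(sys.argv) > 2 else None
    status, detail = check_ldaps(host, ca_file=ca)
    print(f"{host}:636 -> {status}: {detail}")
    sys.exit(0 if status == "ok" else 1)
```

Connect using the same name the LDAP settings will use, since host name verification is done against that name.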