Skip to main content

OpenVPN

OpenVPN Configuration

  • Before starting, please be sure to have a functional VPN

    Note: Please be sure to have a TrustelemConnect app correctly configured

  • Install the openvpn-auth-ldap package on the vpn machine by running the apt install openvpn-auth-ldap command

  • Copy the file that was created /usr/share/doc/openvpn-auth-ldap/examples/auth-ldap.conf this way /etc/openvpn/auth/ldap.conf

  • Setup a custom LDAP service account as well as a custom LDAP password on the trustelem app settings (optional)

  • Copy the field's content below into the ldap.conf file you just copied and change the Bind DN line with the required information

<LDAP>
    # URL of the server where TrustelemConnect is running
    URL ldap://address:port
    # Bind DN
    BindDN cn=trustelem,DC=mydomain,DC=trustelem,DC=com
    # Bind password
    Password xNc3x8T0hFtKKpQq
    # Network timeout (in seconds)
    Timeout 30
    # Enable Start TLS
    TLSEnable no
    # Follow LDAP Referrals (anonymously)
    FollowReferrals yes
    # TLS CA Certificate File
    TLSCACertFile /usr/local/etc/ssl/ca.pem
    # TLS CA Certificate Directory
    TLSCACertDir /etc/ssl/certs
    # Client Certificate and key
    # If TLS client authentication is required
    TLSCertFile /usr/local/etc/ssl/client-cert.pem
    TLSKeyFile /usr/local/etc/ssl/client-key.pem
    # Cipher Suite
    # The defaults are usually fine here
    # TLSCipherSuite ALL:!ADH:@STRENGTH
</LDAP>

<Authorization>
    # Base DN
    BaseDN DC=mydomain,DC=trustelem,DC=com
    # User Search Filter
    SearchFilter "(mail=%u)"
    # Require Group Membership
    RequireGroup false
    # Add non-group members to a PF table (disabled)
    #PFTable ips_vpn_users
    # Uncomment and set to true to support OpenVPN Challenge/Response
    #PasswordIsCR false
</Authorization>
  • Add the line plugin /usr/lib/openvpn/openvpn-auth-ldap.so /etc/openvpn/auth/ldap.conf to your server config file

  • Restart your OpenVPN server

OpenVPN configuration

Before starting, please be sure to have a functional VPN
Note: Please be sure to have a TrustelemConnect app correctly configured

  • On the administrator dashboard, under the authentication category click on general and turn on radius

  • At the bottom of the page click on Save

  • On the administrator dashboard, under the authentication category click on radius

  • Select PAP authentication method, in the host field enter the address of the server where your TrustelemConnect app is running

  • Enter your secret in the Shared Secret field as well as the port in the Authentication Port field (often 1812)

OpenVPN configuration

Before starting, please be sure to have a functional VPN

  • On the administrator dashboard, under the settings category click on user authentication

  • Click on edit, select saml and click on the configure button

  • Copy the Issuer Name value in the Entity ID field on the trustelem configuration page

  • On the next page select IdP Metadata XML and copy the metadata.xml content into the planned empty field

  • Click on next then finish

Trustelem configuration

In the trustelem Login URL field enter:

  • The same value of the EntityID field in order to show an help application to configure OpenVPN on the user dashboard

  • Or '-' in order to hide the OpenVPN app from the user dashboard