diff --git a/README.md b/README.md
index 3ea8123..a2d5f05 100644
--- a/README.md
+++ b/README.md
@@ -14,8 +14,19 @@ easy-rsa
ldap-utils
openvpn-auth-ldap
-Setup:
+Setup Assumptions:
The below instructions make the following assumptions. If you use a different setup you will need to modify accordingly.
+1. We assume your vpn name will be vpn.example.com
+2. We asssume your LDAP bind root is example.com
+3. We assume your LDAP user/pass for bind is oas_user/oas_user
+4. We assume 192.168.5.0/24 is your VPN network range
+5. We assume you want your rsa key infrastructure to live under the OpenVPN config directory in /etc
+6. We assume your public IP is 66.66.66.66 - obviously this needs to be changed in the template file in the clients directory.
+7. We assume your local network is 192.168.1.0/24 and your Active Directory or LDAP servers reside at .21 and .22 in this network.
+8. We assume that you will set up a group in Active Directory called "OpenVPNUsers" - any users in this group will have files generated and emailed automatically.
+9. You will see other variables that reference example.com - change these accordingly
+
+Setup Instructions:
1. Install and configure all pre-requisites listed above
2. sudo git clone https://github.com/joshnorth/ovpn-ad-sync.git /tmp/ovpn-ad-sync
3. sudo cp -R /usr/share/easy-rsa /etc/openvpn/rsa
diff --git a/oas_clients/template.ovpn b/oas_clients/template.ovpn
index 58f340a..b1a5bce 100644
--- a/oas_clients/template.ovpn
+++ b/oas_clients/template.ovpn
@@ -2,7 +2,8 @@ client
auth-user-pass
proto udp
dev tun
-remote 66.0.119.86 1194
+# CHANGE THIS TO MATCH YOUR SETUP PUBLIC IP ADDRESS
+remote 66.66.66.66 1194
cipher AES-256-CBC
user nobody
group nogroup
diff --git a/oas_configs/suppliesunlimited.com.ldap b/oas_configs/suppliesunlimited.com.ldap
deleted file mode 100644
index ea42d6c..0000000
--- a/oas_configs/suppliesunlimited.com.ldap
+++ /dev/null
@@ -1,61 +0,0 @@
-
-# LDAP server URL
-URL ldap://192.168.1.22:389
-
-# Bind DN (If your LDAP server doesn't support anonymous binds)
-#BindDN uid=Administrator,ou=Users,dc=Ma**,dc=li**.local
-BindDN SYS_OpenVPN@SUPPLIES.LOCAL
-
-# Bind Password
-Password whatthefreak!
-
-# Network timeout (in seconds)
-Timeout 15
-
-# Enable Start TLS
-TLSEnable no
-
-# Follow LDAP Referrals (anonymously)
-FollowReferrals yes
-
-# TLS CA Certificate File
-# TLSCACertFile /usr/local/etc/ssl/ca.pem
-
-# TLS CA Certificate Directory
-#TLSCACertDir /etc/ssl/certs
-
-# Client Certificate and key
-# If TLS client authentication is required
-# TLSCertFile /usr/local/etc/ssl/client-cert.pem
-# TLSKeyFile /usr/local/etc/ssl/client-key.pem
-
-# Cipher Suite
-# The defaults are usually fine here
-# TLSCipherSuite ALL:!ADH:@STRENGTH
-
-
-
-
-# Base DN
-#BaseDN "CN=Users,DC=test,DC=com"
-BaseDN "CN=Users,DC=supplies,DC=local"
-
-# User Search Filter
-#SearchFilter "(&(uid=%u)(accountStatus=active))"
-#SearchFilter "(&(sAMAccountName=%u)(msNPAllowDialin=TRUE))"
-SearchFilter "(&(sAMAccountName=%u))"
-
-# Require Group Membership
-RequireGroup true
-
-# Add non-group members to a PF table (disabled)
-#PFTable ips_vpn_users
-
-
-BaseDN "cn=Users,dc=supplies,dc=local"
-SearchFilter "(cn=OpenVPNUsers)"
-MemberAttribute "member"
-# Add group members to a PF table (disabled)
-#PFTable ips_vpn_eng
-
-
diff --git a/oas_configs/suppliesunlimited.com.log b/oas_configs/suppliesunlimited.com.log
deleted file mode 100644
index feb92e6..0000000
--- a/oas_configs/suppliesunlimited.com.log
+++ /dev/null
@@ -1,165 +0,0 @@
-Tue Dec 2 20:08:14 2014 OpenVPN 2.3.2 i686-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Feb 4 2014
-Tue Dec 2 20:08:14 2014 TUN/TAP device tun1 opened
-Tue Dec 2 20:08:14 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
-Tue Dec 2 20:08:14 2014 /sbin/ip link set dev tun1 up mtu 1500
-Tue Dec 2 20:08:14 2014 /sbin/ip addr add dev tun1 local 192.168.5.1 peer 192.168.5.2
-Tue Dec 2 20:08:14 2014 GID set to nogroup
-Tue Dec 2 20:08:14 2014 UID set to nobody
-Tue Dec 2 20:08:14 2014 UDPv4 link local (bound): [undef]
-Tue Dec 2 20:08:14 2014 UDPv4 link remote: [undef]
-Tue Dec 2 20:08:14 2014 Initialization Sequence Completed
-Tue Dec 2 20:18:34 2014 event_wait : Interrupted system call (code=4)
-RTNETLINK answers: Operation not permitted
-Tue Dec 2 20:18:34 2014 ERROR: Linux route delete command failed: external program exited with error status: 2
-Tue Dec 2 20:18:34 2014 Closing TUN/TAP interface
-Tue Dec 2 20:18:34 2014 /sbin/ip addr del dev tun1 local 192.168.5.1 peer 192.168.5.2
-RTNETLINK answers: Operation not permitted
-Tue Dec 2 20:18:34 2014 Linux ip addr del failed: external program exited with error status: 2
-Tue Dec 2 20:18:34 2014 SIGTERM[hard,] received, process exiting
-Tue Dec 2 20:20:25 2014 OpenVPN 2.3.2 i686-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Feb 4 2014
-Tue Dec 2 20:20:25 2014 TUN/TAP device tun1 opened
-Tue Dec 2 20:20:25 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
-Tue Dec 2 20:20:25 2014 /sbin/ip link set dev tun1 up mtu 1500
-Tue Dec 2 20:20:25 2014 /sbin/ip addr add dev tun1 local 192.168.5.1 peer 192.168.5.2
-Tue Dec 2 20:20:25 2014 GID set to nogroup
-Tue Dec 2 20:20:25 2014 UID set to nobody
-Tue Dec 2 20:20:25 2014 UDPv4 link local (bound): [undef]
-Tue Dec 2 20:20:25 2014 UDPv4 link remote: [undef]
-Tue Dec 2 20:20:25 2014 Initialization Sequence Completed
-Tue Dec 2 20:47:56 2014 event_wait : Interrupted system call (code=4)
-RTNETLINK answers: Operation not permitted
-Tue Dec 2 20:47:56 2014 ERROR: Linux route delete command failed: external program exited with error status: 2
-Tue Dec 2 20:47:56 2014 Closing TUN/TAP interface
-Tue Dec 2 20:47:56 2014 /sbin/ip addr del dev tun1 local 192.168.5.1 peer 192.168.5.2
-RTNETLINK answers: Operation not permitted
-Tue Dec 2 20:47:56 2014 Linux ip addr del failed: external program exited with error status: 2
-Tue Dec 2 20:47:56 2014 SIGTERM[hard,] received, process exiting
-Tue Dec 2 20:47:56 2014 OpenVPN 2.3.2 i686-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Feb 4 2014
-Tue Dec 2 20:47:56 2014 TUN/TAP device tun1 opened
-Tue Dec 2 20:47:56 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
-Tue Dec 2 20:47:56 2014 /sbin/ip link set dev tun1 up mtu 1500
-Tue Dec 2 20:47:56 2014 /sbin/ip addr add dev tun1 local 192.168.5.1 peer 192.168.5.2
-Tue Dec 2 20:47:56 2014 GID set to nogroup
-Tue Dec 2 20:47:56 2014 UID set to nobody
-Tue Dec 2 20:47:56 2014 UDPv4 link local (bound): [undef]
-Tue Dec 2 20:47:56 2014 UDPv4 link remote: [undef]
-Tue Dec 2 20:47:56 2014 Initialization Sequence Completed
-Tue Dec 2 20:48:57 2014 event_wait : Interrupted system call (code=4)
-RTNETLINK answers: Operation not permitted
-Tue Dec 2 20:48:57 2014 ERROR: Linux route delete command failed: external program exited with error status: 2
-Tue Dec 2 20:48:57 2014 Closing TUN/TAP interface
-Tue Dec 2 20:48:57 2014 /sbin/ip addr del dev tun1 local 192.168.5.1 peer 192.168.5.2
-RTNETLINK answers: Operation not permitted
-Tue Dec 2 20:48:57 2014 Linux ip addr del failed: external program exited with error status: 2
-Tue Dec 2 20:48:57 2014 SIGTERM[hard,] received, process exiting
-Tue Dec 2 20:48:57 2014 OpenVPN 2.3.2 i686-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Feb 4 2014
-Tue Dec 2 20:48:57 2014 TUN/TAP device tun1 opened
-Tue Dec 2 20:48:57 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
-Tue Dec 2 20:48:57 2014 /sbin/ip link set dev tun1 up mtu 1500
-Tue Dec 2 20:48:57 2014 /sbin/ip addr add dev tun1 local 192.168.5.1 peer 192.168.5.2
-Tue Dec 2 20:48:57 2014 GID set to nogroup
-Tue Dec 2 20:48:57 2014 UID set to nobody
-Tue Dec 2 20:48:57 2014 UDPv4 link local (bound): [undef]
-Tue Dec 2 20:48:57 2014 UDPv4 link remote: [undef]
-Tue Dec 2 20:48:57 2014 Initialization Sequence Completed
-Tue Dec 2 20:49:17 2014 172.56.32.233:53131 VERIFY OK: depth=1, C=US, ST=Georgia, L=Scottdale, O=Supplies Unlimited, Inc., OU=Security, CN=Supplies Unlimited, Inc. CA, name=Supplies Unlimited, Inc., emailAddress=admin@suppliesunlimited.com
-Tue Dec 2 20:49:17 2014 172.56.32.233:53131 VERIFY OK: depth=0, C=US, ST=Georgia, L=Scottdale, O=Supplies Unlimited, Inc., OU=Security, CN=jdoe, name=John Doe, emailAddress=josh.north@point808.com
-LDAP bind failed: Invalid credentials (80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece)
-Incorrect password supplied for LDAP DN "CN=John Doe,CN=Users,DC=supplies,DC=local".
-Tue Dec 2 20:49:20 2014 172.56.32.233:53131 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/lib/openvpn/openvpn-auth-ldap.so
-Tue Dec 2 20:49:20 2014 172.56.32.233:53131 TLS Auth Error: Auth Username/Password verification failed for peer
-Tue Dec 2 20:49:20 2014 172.56.32.233:53131 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
-Tue Dec 2 20:49:20 2014 172.56.32.233:53131 [jdoe] Peer Connection Initiated with [AF_INET]172.56.32.233:53131
-Tue Dec 2 20:49:55 2014 172.56.32.233:53873 VERIFY OK: depth=1, C=US, ST=Georgia, L=Scottdale, O=Supplies Unlimited, Inc., OU=Security, CN=Supplies Unlimited, Inc. CA, name=Supplies Unlimited, Inc., emailAddress=admin@suppliesunlimited.com
-Tue Dec 2 20:49:55 2014 172.56.32.233:53873 VERIFY OK: depth=0, C=US, ST=Georgia, L=Scottdale, O=Supplies Unlimited, Inc., OU=Security, CN=jdoe, name=John Doe, emailAddress=josh.north@point808.com
-Tue Dec 2 20:49:56 2014 172.56.32.233:53873 TLS: Username/Password authentication succeeded for username 'jdoe'
-Tue Dec 2 20:49:56 2014 172.56.32.233:53873 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
-Tue Dec 2 20:49:56 2014 172.56.32.233:53873 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
-Tue Dec 2 20:49:56 2014 172.56.32.233:53873 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
-Tue Dec 2 20:49:56 2014 172.56.32.233:53873 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
-Tue Dec 2 20:49:56 2014 172.56.32.233:53873 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
-Tue Dec 2 20:49:56 2014 172.56.32.233:53873 [jdoe] Peer Connection Initiated with [AF_INET]172.56.32.233:53873
-Tue Dec 2 20:49:56 2014 jdoe/172.56.32.233:53873 MULTI_sva: pool returned IPv4=192.168.5.6, IPv6=(Not enabled)
-Tue Dec 2 20:49:57 2014 jdoe/172.56.32.233:53873 send_push_reply(): safe_cap=940
-Tue Dec 2 20:49:59 2014 172.56.32.233:61395 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
-Tue Dec 2 20:49:59 2014 172.56.32.233:61395 TLS Error: TLS handshake failed
-Wed Dec 3 10:22:14 2014 216.203.6.11:4952 VERIFY OK: depth=1, C=US, ST=Georgia, L=Scottdale, O=Supplies Unlimited, Inc., OU=Security, CN=Supplies Unlimited, Inc. CA, name=Supplies Unlimited, Inc., emailAddress=admin@suppliesunlimited.com
-Wed Dec 3 10:22:14 2014 216.203.6.11:4952 VERIFY OK: depth=0, C=US, ST=Georgia, L=Scottdale, O=Supplies Unlimited, Inc., OU=Security, CN=jdoe, name=John Doe, emailAddress=josh.north@point808.com
-Wed Dec 3 10:22:14 2014 216.203.6.11:4952 TLS: Username/Password authentication succeeded for username 'jdoe'
-Wed Dec 3 10:22:14 2014 216.203.6.11:4952 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
-Wed Dec 3 10:22:14 2014 216.203.6.11:4952 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
-Wed Dec 3 10:22:14 2014 216.203.6.11:4952 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
-Wed Dec 3 10:22:14 2014 216.203.6.11:4952 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
-Wed Dec 3 10:22:14 2014 216.203.6.11:4952 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
-Wed Dec 3 10:22:14 2014 216.203.6.11:4952 [jdoe] Peer Connection Initiated with [AF_INET]216.203.6.11:4952
-Wed Dec 3 10:22:14 2014 jdoe/216.203.6.11:4952 MULTI_sva: pool returned IPv4=192.168.5.6, IPv6=(Not enabled)
-Wed Dec 3 10:22:17 2014 jdoe/216.203.6.11:4952 send_push_reply(): safe_cap=940
-Wed Dec 3 10:26:26 2014 jdoe/216.203.6.11:4952 [jdoe] Inactivity timeout (--ping-restart), restarting
-Wed Dec 3 11:23:15 2014 event_wait : Interrupted system call (code=4)
-RTNETLINK answers: Operation not permitted
-Wed Dec 3 11:23:15 2014 ERROR: Linux route delete command failed: external program exited with error status: 2
-Wed Dec 3 11:23:15 2014 Closing TUN/TAP interface
-Wed Dec 3 11:23:15 2014 /sbin/ip addr del dev tun1 local 192.168.5.1 peer 192.168.5.2
-RTNETLINK answers: Operation not permitted
-Wed Dec 3 11:23:15 2014 Linux ip addr del failed: external program exited with error status: 2
-Wed Dec 3 11:23:16 2014 SIGTERM[hard,] received, process exiting
-Wed Dec 3 11:25:03 2014 OpenVPN 2.3.2 i686-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Feb 4 2014
-Wed Dec 3 11:25:04 2014 TUN/TAP device tun1 opened
-Wed Dec 3 11:25:04 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
-Wed Dec 3 11:25:04 2014 /sbin/ip link set dev tun1 up mtu 1500
-Wed Dec 3 11:25:04 2014 /sbin/ip addr add dev tun1 local 192.168.5.1 peer 192.168.5.2
-Wed Dec 3 11:25:04 2014 GID set to nogroup
-Wed Dec 3 11:25:04 2014 UID set to nobody
-Wed Dec 3 11:25:04 2014 UDPv4 link local (bound): [undef]
-Wed Dec 3 11:25:04 2014 UDPv4 link remote: [undef]
-Wed Dec 3 11:25:04 2014 Initialization Sequence Completed
-Wed Dec 3 11:35:41 2014 66.45.77.53:46347 VERIFY OK: depth=1, C=US, ST=Georgia, L=Scottdale, O=Supplies Unlimited, Inc., OU=Security, CN=Supplies Unlimited, Inc. CA, name=Supplies Unlimited, Inc., emailAddress=admin@suppliesunlimited.com
-Wed Dec 3 11:35:41 2014 66.45.77.53:46347 VERIFY OK: depth=0, C=US, ST=Georgia, L=Scottdale, O=Supplies Unlimited, Inc., OU=Security, CN=jnorth, name=Josh North, emailAddress=josh.north@point808.com
-Wed Dec 3 11:35:45 2014 66.45.77.53:46347 TLS: Username/Password authentication succeeded for username 'jnorth'
-Wed Dec 3 11:35:45 2014 66.45.77.53:46347 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
-Wed Dec 3 11:35:45 2014 66.45.77.53:46347 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
-Wed Dec 3 11:35:45 2014 66.45.77.53:46347 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
-Wed Dec 3 11:35:45 2014 66.45.77.53:46347 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
-Wed Dec 3 11:35:45 2014 66.45.77.53:46347 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
-Wed Dec 3 11:35:45 2014 66.45.77.53:46347 [jnorth] Peer Connection Initiated with [AF_INET]66.45.77.53:46347
-Wed Dec 3 11:35:45 2014 jnorth/66.45.77.53:46347 MULTI_sva: pool returned IPv4=192.168.5.6, IPv6=(Not enabled)
-Wed Dec 3 11:35:48 2014 jnorth/66.45.77.53:46347 send_push_reply(): safe_cap=940
-Wed Dec 3 11:50:35 2014 jnorth/66.45.77.53:46347 [jnorth] Inactivity timeout (--ping-restart), restarting
-Wed Dec 3 12:04:08 2014 24.131.37.103:55576 VERIFY OK: depth=1, C=US, ST=Georgia, L=Scottdale, O=Supplies Unlimited, Inc., OU=Security, CN=Supplies Unlimited, Inc. CA, name=Supplies Unlimited, Inc., emailAddress=admin@suppliesunlimited.com
-Wed Dec 3 12:04:08 2014 24.131.37.103:55576 VERIFY OK: depth=0, C=US, ST=Georgia, L=Scottdale, O=Supplies Unlimited, Inc., OU=Security, CN=jdoe, name=John Doe, emailAddress=josh.north@point808.com
-Wed Dec 3 12:04:08 2014 24.131.37.103:55576 TLS: Username/Password authentication succeeded for username 'jdoe'
-Wed Dec 3 12:04:08 2014 24.131.37.103:55576 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
-Wed Dec 3 12:04:08 2014 24.131.37.103:55576 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
-Wed Dec 3 12:04:08 2014 24.131.37.103:55576 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
-Wed Dec 3 12:04:08 2014 24.131.37.103:55576 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
-Wed Dec 3 12:04:08 2014 24.131.37.103:55576 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
-Wed Dec 3 12:04:08 2014 24.131.37.103:55576 [jdoe] Peer Connection Initiated with [AF_INET]24.131.37.103:55576
-Wed Dec 3 12:04:08 2014 jdoe/24.131.37.103:55576 MULTI_sva: pool returned IPv4=192.168.5.10, IPv6=(Not enabled)
-Wed Dec 3 12:04:10 2014 jdoe/24.131.37.103:55576 send_push_reply(): safe_cap=940
-Wed Dec 3 12:08:35 2014 jdoe/24.131.37.103:55576 [jdoe] Inactivity timeout (--ping-restart), restarting
-Wed Dec 3 13:10:28 2014 66.0.119.82:34633 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
-Wed Dec 3 13:10:28 2014 66.0.119.82:34633 TLS Error: TLS handshake failed
-Wed Dec 3 13:12:45 2014 66.0.119.82:39871 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
-Wed Dec 3 13:12:45 2014 66.0.119.82:39871 TLS Error: TLS handshake failed
-Wed Dec 3 13:17:35 2014 172.56.33.123:17437 VERIFY OK: depth=1, C=US, ST=Georgia, L=Scottdale, O=Supplies Unlimited, Inc., OU=Security, CN=Supplies Unlimited, Inc. CA, name=Supplies Unlimited, Inc., emailAddress=admin@suppliesunlimited.com
-Wed Dec 3 13:17:35 2014 172.56.33.123:17437 VERIFY OK: depth=0, C=US, ST=Georgia, L=Scottdale, O=Supplies Unlimited, Inc., OU=Security, CN=jnorth, name=Josh North, emailAddress=josh.north@point808.com
-Wed Dec 3 13:17:35 2014 172.56.33.123:17437 TLS: Username/Password authentication succeeded for username 'jnorth'
-Wed Dec 3 13:17:35 2014 172.56.33.123:17437 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
-Wed Dec 3 13:17:35 2014 172.56.33.123:17437 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
-Wed Dec 3 13:17:35 2014 172.56.33.123:17437 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
-Wed Dec 3 13:17:35 2014 172.56.33.123:17437 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
-Wed Dec 3 13:17:36 2014 172.56.33.123:17437 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
-Wed Dec 3 13:17:36 2014 172.56.33.123:17437 [jnorth] Peer Connection Initiated with [AF_INET]172.56.33.123:17437
-Wed Dec 3 13:17:36 2014 jnorth/172.56.33.123:17437 MULTI_sva: pool returned IPv4=192.168.5.6, IPv6=(Not enabled)
-Wed Dec 3 13:17:37 2014 jnorth/172.56.33.123:17437 send_push_reply(): safe_cap=940
-Wed Dec 3 13:18:16 2014 172.56.33.123:58279 VERIFY OK: depth=1, C=US, ST=Georgia, L=Scottdale, O=Supplies Unlimited, Inc., OU=Security, CN=Supplies Unlimited, Inc. CA, name=Supplies Unlimited, Inc., emailAddress=admin@suppliesunlimited.com
-Wed Dec 3 13:18:16 2014 172.56.33.123:58279 VERIFY OK: depth=0, C=US, ST=Georgia, L=Scottdale, O=Supplies Unlimited, Inc., OU=Security, CN=jnorth, name=Josh North, emailAddress=josh.north@point808.com
-Wed Dec 3 13:18:16 2014 172.56.33.123:58279 TLS: Username/Password authentication succeeded for username 'jnorth'
-Wed Dec 3 13:18:16 2014 172.56.33.123:58279 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
-Wed Dec 3 13:18:16 2014 172.56.33.123:58279 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
-Wed Dec 3 13:18:16 2014 172.56.33.123:58279 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
-Wed Dec 3 13:18:16 2014 172.56.33.123:58279 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
-Wed Dec 3 13:18:17 2014 172.56.33.123:58279 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
-Wed Dec 3 13:18:17 2014 172.56.33.123:58279 [jnorth] Peer Connection Initiated with [AF_INET]172.56.33.123:58279
-Wed Dec 3 13:18:17 2014 jnorth/172.56.33.123:58279 MULTI_sva: pool returned IPv4=192.168.5.6, IPv6=(Not enabled)
-Wed Dec 3 13:18:18 2014 jnorth/172.56.33.123:58279 send_push_reply(): safe_cap=940
diff --git a/oas_configs/suppliesunlimited.com.status b/oas_configs/suppliesunlimited.com.status
deleted file mode 100644
index abb2ece..0000000
--- a/oas_configs/suppliesunlimited.com.status
+++ /dev/null
@@ -1,8 +0,0 @@
-OpenVPN CLIENT LIST
-Updated,Wed Dec 3 13:52:24 2014
-Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
-ROUTING TABLE
-Virtual Address,Common Name,Real Address,Last Ref
-GLOBAL STATS
-Max bcast/mcast queue length,0
-END
diff --git a/oas_configs/suppliesunlimited.com.conf b/oas_configs/vpn.example.com.conf
similarity index 55%
rename from oas_configs/suppliesunlimited.com.conf
rename to oas_configs/vpn.example.com.conf
index 48dd463..1d21140 100644
--- a/oas_configs/suppliesunlimited.com.conf
+++ b/oas_configs/vpn.example.com.conf
@@ -1,16 +1,16 @@
port 1194
proto udp
-dev tun1
+dev tun0
ca /etc/openvpn/rsa/keys/ca.crt
-cert /etc/openvpn/rsa/keys/suppliesunlimited.com.crt
-key /etc/openvpn/rsa/keys/suppliesunlimited.com.key
+cert /etc/openvpn/rsa/keys/vpn.example.com.crt
+key /etc/openvpn/rsa/keys/vpn.example.com.key
dh /etc/openvpn/rsa/keys/dh2048.pem
server 192.168.5.0 255.255.255.0
cipher AES-256-CBC
user nobody
group nogroup
-status /etc/openvpn/suppliesunlimited.com.status
-log-append /etc/openvpn/suppliesunlimited.com.log
+status /etc/openvpn/vpn.example.com.status
+log-append /etc/openvpn/vpn.example.com.log
verb 2
mute 20
max-clients 100
@@ -21,10 +21,10 @@ comp-lzo
persist-key
persist-tun
float
-plugin /usr/lib/openvpn/openvpn-auth-ldap.so "/etc/openvpn/suppliesunlimited.com.ldap"
+plugin /usr/lib/openvpn/openvpn-auth-ldap.so "/etc/openvpn/vpn.example.com.ldap"
push "route 192.168.1.0 255.255.255.0"
push "dhcp-option DNS 192.168.1.21"
push "dhcp-option DNS 192.168.1.22"
-push "dhcp-option DOMAIN supplies.local"
+push "dhcp-option DOMAIN example.com"
replay-window 128 40
diff --git a/oas_configs/vpn.example.com.ldap b/oas_configs/vpn.example.com.ldap
new file mode 100644
index 0000000..db5ea93
--- /dev/null
+++ b/oas_configs/vpn.example.com.ldap
@@ -0,0 +1,26 @@
+
+# CHANGE THIS!!! to your AD server
+URL ldap://192.168.1.22:389
+# CHANGE THIS IF YOU USE A DIFFERENT SYSTEM BIND USER
+BindDN oas_user@EXAMPLE.COM
+# Bind Password
+Password oas_user
+
+# these settings should be ok
+Timeout 15
+TLSEnable no
+FollowReferrals yes
+
+
+# CHANGE THIS TO MATCH YOUR DOMAIN
+BaseDN "CN=Users,DC=example,DC=com"
+SearchFilter "(&(sAMAccountName=%u))"
+RequireGroup true
+
+# CHANGE THIS TO MATCH YOUR USER DN
+BaseDN "cn=Users,dc=example,dc=com"
+# CHANGE THIS TO MATCH YOUR OPENVPN USER GROUP
+SearchFilter "(cn=OpenVPNUsers)"
+MemberAttribute "member"
+
+
diff --git a/oas_configs/vpn.example.com.log b/oas_configs/vpn.example.com.log
new file mode 100644
index 0000000..e69de29
diff --git a/oas_configs/vpn.example.com.status b/oas_configs/vpn.example.com.status
new file mode 100644
index 0000000..e69de29