ops.point808.com/ovpn-ad-sync
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Modified server config sample directories and readme updated with assumptions and install instructions

Browse Source
This commit is contained in:
Josh North 2014-12-03 14:05:36 -05:00
parent c2c6fb357a
commit 29ff86a7ab
9 changed files with 47 additions and 243 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
README.md
View File

@ -14,8 +14,19 @@ easy-rsa
ldap-utils ldap-utils
openvpn-auth-ldap openvpn-auth-ldap
Setup: Setup Assumptions:
The below instructions make the following assumptions. If you use a different setup you will need to modify accordingly. The below instructions make the following assumptions. If you use a different setup you will need to modify accordingly.
1. We assume your vpn name will be vpn.example.com
2. We asssume your LDAP bind root is example.com
3. We assume your LDAP user/pass for bind is oas_user/oas_user
4. We assume 192.168.5.0/24 is your VPN network range
5. We assume you want your rsa key infrastructure to live under the OpenVPN config directory in /etc
6. We assume your public IP is 66.66.66.66 - obviously this needs to be changed in the template file in the clients directory.
7. We assume your local network is 192.168.1.0/24 and your Active Directory or LDAP servers reside at .21 and .22 in this network.
8. We assume that you will set up a group in Active Directory called "OpenVPNUsers" - any users in this group will have files generated and emailed automatically.
9. You will see other variables that reference example.com - change these accordingly
Setup Instructions:
1. Install and configure all pre-requisites listed above 1. Install and configure all pre-requisites listed above
2. sudo git clone https://github.com/joshnorth/ovpn-ad-sync.git /tmp/ovpn-ad-sync 2. sudo git clone https://github.com/joshnorth/ovpn-ad-sync.git /tmp/ovpn-ad-sync
3. sudo cp -R /usr/share/easy-rsa /etc/openvpn/rsa 3. sudo cp -R /usr/share/easy-rsa /etc/openvpn/rsa

3
oas_clients/template.ovpn
View File

@ -2,7 +2,8 @@ client
auth-user-pass auth-user-pass
proto udp proto udp
dev tun dev tun
remote 66.0.119.86 1194 # CHANGE THIS TO MATCH YOUR SETUP PUBLIC IP ADDRESS
remote 66.66.66.66 1194
cipher AES-256-CBC cipher AES-256-CBC
user nobody user nobody
group nogroup group nogroup

61
oas_configs/suppliesunlimited.com.ldap
View File

@ -1,61 +0,0 @@
<LDAP>
# LDAP server URL
URL ldap://192.168.1.22:389
# Bind DN (If your LDAP server doesn't support anonymous binds)
#BindDN uid=Administrator,ou=Users,dc=Ma**,dc=li**.local
BindDN SYS_OpenVPN@SUPPLIES.LOCAL
# Bind Password
Password whatthefreak!
# Network timeout (in seconds)
Timeout 15
# Enable Start TLS
TLSEnable no
# Follow LDAP Referrals (anonymously)
FollowReferrals yes
# TLS CA Certificate File
# TLSCACertFile /usr/local/etc/ssl/ca.pem
# TLS CA Certificate Directory
#TLSCACertDir /etc/ssl/certs
# Client Certificate and key
# If TLS client authentication is required
# TLSCertFile /usr/local/etc/ssl/client-cert.pem
# TLSKeyFile /usr/local/etc/ssl/client-key.pem
# Cipher Suite
# The defaults are usually fine here
# TLSCipherSuite ALL:!ADH:@STRENGTH
</LDAP>
<Authorization>
# Base DN
#BaseDN "CN=Users,DC=test,DC=com"
BaseDN "CN=Users,DC=supplies,DC=local"
# User Search Filter
#SearchFilter "(&(uid=%u)(accountStatus=active))"
#SearchFilter "(&(sAMAccountName=%u)(msNPAllowDialin=TRUE))"
SearchFilter "(&(sAMAccountName=%u))"
# Require Group Membership
RequireGroup true
# Add non-group members to a PF table (disabled)
#PFTable ips_vpn_users
<Group>
BaseDN "cn=Users,dc=supplies,dc=local"
SearchFilter "(cn=OpenVPNUsers)"
MemberAttribute "member"
# Add group members to a PF table (disabled)
#PFTable ips_vpn_eng
</Group>
</Authorization>

165
oas_configs/suppliesunlimited.com.log
View File

@ -1,165 +0,0 @@
Tue Dec 2 20:08:14 2014 OpenVPN 2.3.2 i686-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Feb 4 2014
Tue Dec 2 20:08:14 2014 TUN/TAP device tun1 opened
Tue Dec 2 20:08:14 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Dec 2 20:08:14 2014 /sbin/ip link set dev tun1 up mtu 1500
Tue Dec 2 20:08:14 2014 /sbin/ip addr add dev tun1 local 192.168.5.1 peer 192.168.5.2
Tue Dec 2 20:08:14 2014 GID set to nogroup
Tue Dec 2 20:08:14 2014 UID set to nobody
Tue Dec 2 20:08:14 2014 UDPv4 link local (bound): [undef]
Tue Dec 2 20:08:14 2014 UDPv4 link remote: [undef]
Tue Dec 2 20:08:14 2014 Initialization Sequence Completed
Tue Dec 2 20:18:34 2014 event_wait : Interrupted system call (code=4)
RTNETLINK answers: Operation not permitted
Tue Dec 2 20:18:34 2014 ERROR: Linux route delete command failed: external program exited with error status: 2
Tue Dec 2 20:18:34 2014 Closing TUN/TAP interface
Tue Dec 2 20:18:34 2014 /sbin/ip addr del dev tun1 local 192.168.5.1 peer 192.168.5.2
RTNETLINK answers: Operation not permitted
Tue Dec 2 20:18:34 2014 Linux ip addr del failed: external program exited with error status: 2
Tue Dec 2 20:18:34 2014 SIGTERM[hard,] received, process exiting
Tue Dec 2 20:20:25 2014 OpenVPN 2.3.2 i686-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Feb 4 2014
Tue Dec 2 20:20:25 2014 TUN/TAP device tun1 opened
Tue Dec 2 20:20:25 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Dec 2 20:20:25 2014 /sbin/ip link set dev tun1 up mtu 1500
Tue Dec 2 20:20:25 2014 /sbin/ip addr add dev tun1 local 192.168.5.1 peer 192.168.5.2
Tue Dec 2 20:20:25 2014 GID set to nogroup
Tue Dec 2 20:20:25 2014 UID set to nobody
Tue Dec 2 20:20:25 2014 UDPv4 link local (bound): [undef]
Tue Dec 2 20:20:25 2014 UDPv4 link remote: [undef]
Tue Dec 2 20:20:25 2014 Initialization Sequence Completed
Tue Dec 2 20:47:56 2014 event_wait : Interrupted system call (code=4)
RTNETLINK answers: Operation not permitted
Tue Dec 2 20:47:56 2014 ERROR: Linux route delete command failed: external program exited with error status: 2
Tue Dec 2 20:47:56 2014 Closing TUN/TAP interface
Tue Dec 2 20:47:56 2014 /sbin/ip addr del dev tun1 local 192.168.5.1 peer 192.168.5.2
RTNETLINK answers: Operation not permitted
Tue Dec 2 20:47:56 2014 Linux ip addr del failed: external program exited with error status: 2
Tue Dec 2 20:47:56 2014 SIGTERM[hard,] received, process exiting
Tue Dec 2 20:47:56 2014 OpenVPN 2.3.2 i686-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Feb 4 2014
Tue Dec 2 20:47:56 2014 TUN/TAP device tun1 opened
Tue Dec 2 20:47:56 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Dec 2 20:47:56 2014 /sbin/ip link set dev tun1 up mtu 1500
Tue Dec 2 20:47:56 2014 /sbin/ip addr add dev tun1 local 192.168.5.1 peer 192.168.5.2
Tue Dec 2 20:47:56 2014 GID set to nogroup
Tue Dec 2 20:47:56 2014 UID set to nobody
Tue Dec 2 20:47:56 2014 UDPv4 link local (bound): [undef]
Tue Dec 2 20:47:56 2014 UDPv4 link remote: [undef]
Tue Dec 2 20:47:56 2014 Initialization Sequence Completed
Tue Dec 2 20:48:57 2014 event_wait : Interrupted system call (code=4)
RTNETLINK answers: Operation not permitted
Tue Dec 2 20:48:57 2014 ERROR: Linux route delete command failed: external program exited with error status: 2
Tue Dec 2 20:48:57 2014 Closing TUN/TAP interface
Tue Dec 2 20:48:57 2014 /sbin/ip addr del dev tun1 local 192.168.5.1 peer 192.168.5.2
RTNETLINK answers: Operation not permitted
Tue Dec 2 20:48:57 2014 Linux ip addr del failed: external program exited with error status: 2
Tue Dec 2 20:48:57 2014 SIGTERM[hard,] received, process exiting
Tue Dec 2 20:48:57 2014 OpenVPN 2.3.2 i686-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Feb 4 2014
Tue Dec 2 20:48:57 2014 TUN/TAP device tun1 opened
Tue Dec 2 20:48:57 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Dec 2 20:48:57 2014 /sbin/ip link set dev tun1 up mtu 1500
Tue Dec 2 20:48:57 2014 /sbin/ip addr add dev tun1 local 192.168.5.1 peer 192.168.5.2
Tue Dec 2 20:48:57 2014 GID set to nogroup
Tue Dec 2 20:48:57 2014 UID set to nobody
Tue Dec 2 20:48:57 2014 UDPv4 link local (bound): [undef]
Tue Dec 2 20:48:57 2014 UDPv4 link remote: [undef]
Tue Dec 2 20:48:57 2014 Initialization Sequence Completed
Tue Dec 2 20:49:17 2014 172.56.32.233:53131 VERIFY OK: depth=1, C=US, ST=Georgia, L=Scottdale, O=Supplies Unlimited, Inc., OU=Security, CN=Supplies Unlimited, Inc. CA, name=Supplies Unlimited, Inc., emailAddress=admin@suppliesunlimited.com
Tue Dec 2 20:49:17 2014 172.56.32.233:53131 VERIFY OK: depth=0, C=US, ST=Georgia, L=Scottdale, O=Supplies Unlimited, Inc., OU=Security, CN=jdoe, name=John Doe, emailAddress=josh.north@point808.com
LDAP bind failed: Invalid credentials (80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece)
Incorrect password supplied for LDAP DN "CN=John Doe,CN=Users,DC=supplies,DC=local".
Tue Dec 2 20:49:20 2014 172.56.32.233:53131 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/lib/openvpn/openvpn-auth-ldap.so
Tue Dec 2 20:49:20 2014 172.56.32.233:53131 TLS Auth Error: Auth Username/Password verification failed for peer
Tue Dec 2 20:49:20 2014 172.56.32.233:53131 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Tue Dec 2 20:49:20 2014 172.56.32.233:53131 [jdoe] Peer Connection Initiated with [AF_INET]172.56.32.233:53131
Tue Dec 2 20:49:55 2014 172.56.32.233:53873 VERIFY OK: depth=1, C=US, ST=Georgia, L=Scottdale, O=Supplies Unlimited, Inc., OU=Security, CN=Supplies Unlimited, Inc. CA, name=Supplies Unlimited, Inc., emailAddress=admin@suppliesunlimited.com
Tue Dec 2 20:49:55 2014 172.56.32.233:53873 VERIFY OK: depth=0, C=US, ST=Georgia, L=Scottdale, O=Supplies Unlimited, Inc., OU=Security, CN=jdoe, name=John Doe, emailAddress=josh.north@point808.com
Tue Dec 2 20:49:56 2014 172.56.32.233:53873 TLS: Username/Password authentication succeeded for username 'jdoe'
Tue Dec 2 20:49:56 2014 172.56.32.233:53873 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Dec 2 20:49:56 2014 172.56.32.233:53873 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Dec 2 20:49:56 2014 172.56.32.233:53873 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Dec 2 20:49:56 2014 172.56.32.233:53873 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Dec 2 20:49:56 2014 172.56.32.233:53873 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Tue Dec 2 20:49:56 2014 172.56.32.233:53873 [jdoe] Peer Connection Initiated with [AF_INET]172.56.32.233:53873
Tue Dec 2 20:49:56 2014 jdoe/172.56.32.233:53873 MULTI_sva: pool returned IPv4=192.168.5.6, IPv6=(Not enabled)
Tue Dec 2 20:49:57 2014 jdoe/172.56.32.233:53873 send_push_reply(): safe_cap=940
Tue Dec 2 20:49:59 2014 172.56.32.233:61395 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Dec 2 20:49:59 2014 172.56.32.233:61395 TLS Error: TLS handshake failed
Wed Dec 3 10:22:14 2014 216.203.6.11:4952 VERIFY OK: depth=1, C=US, ST=Georgia, L=Scottdale, O=Supplies Unlimited, Inc., OU=Security, CN=Supplies Unlimited, Inc. CA, name=Supplies Unlimited, Inc., emailAddress=admin@suppliesunlimited.com
Wed Dec 3 10:22:14 2014 216.203.6.11:4952 VERIFY OK: depth=0, C=US, ST=Georgia, L=Scottdale, O=Supplies Unlimited, Inc., OU=Security, CN=jdoe, name=John Doe, emailAddress=josh.north@point808.com
Wed Dec 3 10:22:14 2014 216.203.6.11:4952 TLS: Username/Password authentication succeeded for username 'jdoe'
Wed Dec 3 10:22:14 2014 216.203.6.11:4952 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Dec 3 10:22:14 2014 216.203.6.11:4952 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Dec 3 10:22:14 2014 216.203.6.11:4952 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Dec 3 10:22:14 2014 216.203.6.11:4952 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Dec 3 10:22:14 2014 216.203.6.11:4952 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Dec 3 10:22:14 2014 216.203.6.11:4952 [jdoe] Peer Connection Initiated with [AF_INET]216.203.6.11:4952
Wed Dec 3 10:22:14 2014 jdoe/216.203.6.11:4952 MULTI_sva: pool returned IPv4=192.168.5.6, IPv6=(Not enabled)
Wed Dec 3 10:22:17 2014 jdoe/216.203.6.11:4952 send_push_reply(): safe_cap=940
Wed Dec 3 10:26:26 2014 jdoe/216.203.6.11:4952 [jdoe] Inactivity timeout (--ping-restart), restarting
Wed Dec 3 11:23:15 2014 event_wait : Interrupted system call (code=4)
RTNETLINK answers: Operation not permitted
Wed Dec 3 11:23:15 2014 ERROR: Linux route delete command failed: external program exited with error status: 2
Wed Dec 3 11:23:15 2014 Closing TUN/TAP interface
Wed Dec 3 11:23:15 2014 /sbin/ip addr del dev tun1 local 192.168.5.1 peer 192.168.5.2
RTNETLINK answers: Operation not permitted
Wed Dec 3 11:23:15 2014 Linux ip addr del failed: external program exited with error status: 2
Wed Dec 3 11:23:16 2014 SIGTERM[hard,] received, process exiting
Wed Dec 3 11:25:03 2014 OpenVPN 2.3.2 i686-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Feb 4 2014
Wed Dec 3 11:25:04 2014 TUN/TAP device tun1 opened
Wed Dec 3 11:25:04 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Dec 3 11:25:04 2014 /sbin/ip link set dev tun1 up mtu 1500
Wed Dec 3 11:25:04 2014 /sbin/ip addr add dev tun1 local 192.168.5.1 peer 192.168.5.2
Wed Dec 3 11:25:04 2014 GID set to nogroup
Wed Dec 3 11:25:04 2014 UID set to nobody
Wed Dec 3 11:25:04 2014 UDPv4 link local (bound): [undef]
Wed Dec 3 11:25:04 2014 UDPv4 link remote: [undef]
Wed Dec 3 11:25:04 2014 Initialization Sequence Completed
Wed Dec 3 11:35:41 2014 66.45.77.53:46347 VERIFY OK: depth=1, C=US, ST=Georgia, L=Scottdale, O=Supplies Unlimited, Inc., OU=Security, CN=Supplies Unlimited, Inc. CA, name=Supplies Unlimited, Inc., emailAddress=admin@suppliesunlimited.com
Wed Dec 3 11:35:41 2014 66.45.77.53:46347 VERIFY OK: depth=0, C=US, ST=Georgia, L=Scottdale, O=Supplies Unlimited, Inc., OU=Security, CN=jnorth, name=Josh North, emailAddress=josh.north@point808.com
Wed Dec 3 11:35:45 2014 66.45.77.53:46347 TLS: Username/Password authentication succeeded for username 'jnorth'
Wed Dec 3 11:35:45 2014 66.45.77.53:46347 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Dec 3 11:35:45 2014 66.45.77.53:46347 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Dec 3 11:35:45 2014 66.45.77.53:46347 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Dec 3 11:35:45 2014 66.45.77.53:46347 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Dec 3 11:35:45 2014 66.45.77.53:46347 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Dec 3 11:35:45 2014 66.45.77.53:46347 [jnorth] Peer Connection Initiated with [AF_INET]66.45.77.53:46347
Wed Dec 3 11:35:45 2014 jnorth/66.45.77.53:46347 MULTI_sva: pool returned IPv4=192.168.5.6, IPv6=(Not enabled)
Wed Dec 3 11:35:48 2014 jnorth/66.45.77.53:46347 send_push_reply(): safe_cap=940
Wed Dec 3 11:50:35 2014 jnorth/66.45.77.53:46347 [jnorth] Inactivity timeout (--ping-restart), restarting
Wed Dec 3 12:04:08 2014 24.131.37.103:55576 VERIFY OK: depth=1, C=US, ST=Georgia, L=Scottdale, O=Supplies Unlimited, Inc., OU=Security, CN=Supplies Unlimited, Inc. CA, name=Supplies Unlimited, Inc., emailAddress=admin@suppliesunlimited.com
Wed Dec 3 12:04:08 2014 24.131.37.103:55576 VERIFY OK: depth=0, C=US, ST=Georgia, L=Scottdale, O=Supplies Unlimited, Inc., OU=Security, CN=jdoe, name=John Doe, emailAddress=josh.north@point808.com
Wed Dec 3 12:04:08 2014 24.131.37.103:55576 TLS: Username/Password authentication succeeded for username 'jdoe'
Wed Dec 3 12:04:08 2014 24.131.37.103:55576 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Dec 3 12:04:08 2014 24.131.37.103:55576 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Dec 3 12:04:08 2014 24.131.37.103:55576 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Dec 3 12:04:08 2014 24.131.37.103:55576 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Dec 3 12:04:08 2014 24.131.37.103:55576 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Dec 3 12:04:08 2014 24.131.37.103:55576 [jdoe] Peer Connection Initiated with [AF_INET]24.131.37.103:55576
Wed Dec 3 12:04:08 2014 jdoe/24.131.37.103:55576 MULTI_sva: pool returned IPv4=192.168.5.10, IPv6=(Not enabled)
Wed Dec 3 12:04:10 2014 jdoe/24.131.37.103:55576 send_push_reply(): safe_cap=940
Wed Dec 3 12:08:35 2014 jdoe/24.131.37.103:55576 [jdoe] Inactivity timeout (--ping-restart), restarting
Wed Dec 3 13:10:28 2014 66.0.119.82:34633 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Dec 3 13:10:28 2014 66.0.119.82:34633 TLS Error: TLS handshake failed
Wed Dec 3 13:12:45 2014 66.0.119.82:39871 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Dec 3 13:12:45 2014 66.0.119.82:39871 TLS Error: TLS handshake failed
Wed Dec 3 13:17:35 2014 172.56.33.123:17437 VERIFY OK: depth=1, C=US, ST=Georgia, L=Scottdale, O=Supplies Unlimited, Inc., OU=Security, CN=Supplies Unlimited, Inc. CA, name=Supplies Unlimited, Inc., emailAddress=admin@suppliesunlimited.com
Wed Dec 3 13:17:35 2014 172.56.33.123:17437 VERIFY OK: depth=0, C=US, ST=Georgia, L=Scottdale, O=Supplies Unlimited, Inc., OU=Security, CN=jnorth, name=Josh North, emailAddress=josh.north@point808.com
Wed Dec 3 13:17:35 2014 172.56.33.123:17437 TLS: Username/Password authentication succeeded for username 'jnorth'
Wed Dec 3 13:17:35 2014 172.56.33.123:17437 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Dec 3 13:17:35 2014 172.56.33.123:17437 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Dec 3 13:17:35 2014 172.56.33.123:17437 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Dec 3 13:17:35 2014 172.56.33.123:17437 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Dec 3 13:17:36 2014 172.56.33.123:17437 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Dec 3 13:17:36 2014 172.56.33.123:17437 [jnorth] Peer Connection Initiated with [AF_INET]172.56.33.123:17437
Wed Dec 3 13:17:36 2014 jnorth/172.56.33.123:17437 MULTI_sva: pool returned IPv4=192.168.5.6, IPv6=(Not enabled)
Wed Dec 3 13:17:37 2014 jnorth/172.56.33.123:17437 send_push_reply(): safe_cap=940
Wed Dec 3 13:18:16 2014 172.56.33.123:58279 VERIFY OK: depth=1, C=US, ST=Georgia, L=Scottdale, O=Supplies Unlimited, Inc., OU=Security, CN=Supplies Unlimited, Inc. CA, name=Supplies Unlimited, Inc., emailAddress=admin@suppliesunlimited.com
Wed Dec 3 13:18:16 2014 172.56.33.123:58279 VERIFY OK: depth=0, C=US, ST=Georgia, L=Scottdale, O=Supplies Unlimited, Inc., OU=Security, CN=jnorth, name=Josh North, emailAddress=josh.north@point808.com
Wed Dec 3 13:18:16 2014 172.56.33.123:58279 TLS: Username/Password authentication succeeded for username 'jnorth'
Wed Dec 3 13:18:16 2014 172.56.33.123:58279 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Dec 3 13:18:16 2014 172.56.33.123:58279 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Dec 3 13:18:16 2014 172.56.33.123:58279 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Dec 3 13:18:16 2014 172.56.33.123:58279 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Dec 3 13:18:17 2014 172.56.33.123:58279 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Dec 3 13:18:17 2014 172.56.33.123:58279 [jnorth] Peer Connection Initiated with [AF_INET]172.56.33.123:58279
Wed Dec 3 13:18:17 2014 jnorth/172.56.33.123:58279 MULTI_sva: pool returned IPv4=192.168.5.6, IPv6=(Not enabled)
Wed Dec 3 13:18:18 2014 jnorth/172.56.33.123:58279 send_push_reply(): safe_cap=940

8
oas_configs/suppliesunlimited.com.status
View File

@ -1,8 +0,0 @@
OpenVPN CLIENT LIST
Updated,Wed Dec 3 13:52:24 2014
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
GLOBAL STATS
Max bcast/mcast queue length,0
END

14
oas_configs/suppliesunlimited.com.conf → oas_configs/vpn.example.com.conf
View File

@ -1,16 +1,16 @@
port 1194 port 1194
proto udp proto udp
dev tun1 dev tun0
ca /etc/openvpn/rsa/keys/ca.crt ca /etc/openvpn/rsa/keys/ca.crt
cert /etc/openvpn/rsa/keys/suppliesunlimited.com.crt cert /etc/openvpn/rsa/keys/vpn.example.com.crt
key /etc/openvpn/rsa/keys/suppliesunlimited.com.key key /etc/openvpn/rsa/keys/vpn.example.com.key
dh /etc/openvpn/rsa/keys/dh2048.pem dh /etc/openvpn/rsa/keys/dh2048.pem
server 192.168.5.0 255.255.255.0 server 192.168.5.0 255.255.255.0
cipher AES-256-CBC cipher AES-256-CBC
user nobody user nobody
group nogroup group nogroup
status /etc/openvpn/suppliesunlimited.com.status status /etc/openvpn/vpn.example.com.status
log-append /etc/openvpn/suppliesunlimited.com.log log-append /etc/openvpn/vpn.example.com.log
verb 2 verb 2
mute 20 mute 20
max-clients 100 max-clients 100
@ -21,10 +21,10 @@ comp-lzo
persist-key persist-key
persist-tun persist-tun
float float
plugin /usr/lib/openvpn/openvpn-auth-ldap.so "/etc/openvpn/suppliesunlimited.com.ldap" plugin /usr/lib/openvpn/openvpn-auth-ldap.so "/etc/openvpn/vpn.example.com.ldap"
push "route 192.168.1.0 255.255.255.0" push "route 192.168.1.0 255.255.255.0"
push "dhcp-option DNS 192.168.1.21" push "dhcp-option DNS 192.168.1.21"
push "dhcp-option DNS 192.168.1.22" push "dhcp-option DNS 192.168.1.22"
push "dhcp-option DOMAIN supplies.local" push "dhcp-option DOMAIN example.com"
replay-window 128 40 replay-window 128 40

26
oas_configs/vpn.example.com.ldap Normal file
View File

@ -0,0 +1,26 @@
<LDAP>
# CHANGE THIS!!! to your AD server
URL ldap://192.168.1.22:389
# CHANGE THIS IF YOU USE A DIFFERENT SYSTEM BIND USER
BindDN oas_user@EXAMPLE.COM
# Bind Password
Password oas_user
# these settings should be ok
Timeout 15
TLSEnable no
FollowReferrals yes
</LDAP>
<Authorization>
# CHANGE THIS TO MATCH YOUR DOMAIN
BaseDN "CN=Users,DC=example,DC=com"
SearchFilter "(&(sAMAccountName=%u))"
RequireGroup true
<Group>
# CHANGE THIS TO MATCH YOUR USER DN
BaseDN "cn=Users,dc=example,dc=com"
# CHANGE THIS TO MATCH YOUR OPENVPN USER GROUP
SearchFilter "(cn=OpenVPNUsers)"
MemberAttribute "member"
</Group>
</Authorization>

0
oas_configs/vpn.example.com.log Normal file
View File

0
oas_configs/vpn.example.com.status Normal file
View File