Update README.md

Josh North 2014-12-03 14:36:37 -05:00
parent 91d33aa6cd
commit f64f493c00

@ -37,7 +37,7 @@ The below instructions make the following assumptions. If you use a different s
1. Install and configure all pre-requisites listed above 1. Install and configure all pre-requisites listed above
2. Clone the repository `sudo git clone https://github.com/joshnorth/ovpn-ad-sync.git /tmp/ovpn-ad-sync` 2. Clone the repository `sudo git clone https://github.com/joshnorth/ovpn-ad-sync.git /tmp/ovpn-ad-sync`
3. Copy RSA directory `sudo cp -R /usr/share/easy-rsa /etc/openvpn/rsa` 3. Copy RSA directory `sudo cp -R /usr/share/easy-rsa /etc/openvpn/rsa`
4. Edit RSA variable file - IMPORTANT! `sudo nano /etc/openvpn/rsa/vars` 4. Edit RSA variable file - IMPORTANT! Make sure you use 2048 instead of 1024!!! `sudo nano /etc/openvpn/rsa/vars`
5. Build RSA CA 5. Build RSA CA
``` ```
sudo -s sudo -s
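Review bot: The new step 4 says "Make sure you use 2048 instead of 1024!!!" but does not say which setting in `/etc/openvpn/rsa/vars` the number applies to, so a reader opening the file has to guess. Name the variable to change and state the reason in the step itself, since the note this replaces further down ("it will break script") is being deleted in the same commit and the consequence of leaving 1024 in place is no longer documented anywhere.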
@ -46,16 +46,18 @@ source ./vars
./build-ca ./build-ca
./build-dh ./build-dh
./build-key-server vpn.example.com ./build-key-server vpn.example.com
exit
``` ```
6. sudo cp -R /tmp/ovpn-ad-sync/ 6. Copy client directory to openvpn directory `sudo cp -R /tmp/ovpn-ad-sync/oas_clients /etc/openvpn`
5. Create openvpn server config file 7. Edit the client template to match your IP, etc `sudo nano /etc/openvpn/oas_clients/template.ovpn`
make ldap config file 7. Copy server files into place `sudo cp -R /tmp/ovpn-ad-sync/oas_configs/* /etc/openvpn`
edit /etc/openvpn/rsa/vars correctly 8. Edit server file `sudo nano /etc/openvpn/vpn.example.com.conf`
in rsa dir do source ./vars, build-ca, build-dh, and build-key-server 9. Edit LDAP auth file `sudo nano /etc/openvpn/vpn.example.com.ldap`
MAKE SURE you use 2048 not 1024 it will break script and i don;t care becuase it's more secure anyway 10. Copy main program into place `sudo cp /tmp/ovpn-ad-sync/ovpn-ad-sync.sh /usr/local/bin`
copy script file to /usr/local/bin/oas.sh ansd chmod +x 11. Edit main program variables - IMPORTANT! `sudo nano /usr/local/bin/ovpn-ad-sync.sh`
make directory for client files (/etc/openvpn/oas_clients) 12. Allow program to execute `sudo chmod +x /usr/local/bin/ovpn-ad-sync.sh`
copy template file for clients into client directory 13. On your Active Directory, make sure you have created a group (by default, OpenVPNUsers).
edit oas.sh to iproper parameters 14. On your Active Directory, make sure the oas_user exists and has a proper password set.
copy user guide to client directory 15. Check the rest of the items in the assumptions list above and double-check they are all checked before running.
add to cron every 15 minutes or whatever 16. All checked? Let's add it to cron. `sudo crontab -e` and add a line like this `0,10,20,30,40,50 * * * * /usr/local/bin/ovpn-ad-sync.sh >/dev/null 2>&1`
17. Now go to Active Directory and add a new user, set a valid email address for them, and add them to the group. Within 10 minutes that email should receive a message with the config and user guide attached!
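Review bot: The new list has two steps numbered 7 ("Edit the client template" and "Copy server files into place"), so every step from there on is off by one and the list ends at 17 for what is 18 steps; renumber from the second 7 onward. Separately, the cron line in step 16 ends in `>/dev/null 2>&1`, which discards every error from a script that runs as root and mails out client configs, so a failed sync would go unnoticed; consider redirecting to a log file instead. Step 9 edits `/etc/openvpn/vpn.example.com.ldap` right before step 14 mentions the oas_user password; if that file holds the bind credentials, add a step restricting its permissions.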