# cat server.conf
# OpenVPN server: UDP 4443 on 172.16.0.114, routed (tun) tunnel, certificate-based
# TLS plus username/password checked through the openvpn-auth-ldap plugin (last line).
local 172.16.0.114
port 4443
proto udp
dev tun
# PKI material: CA certificate, server certificate and private key, DH parameters.
ca keys/ca.crt
cert keys/issued/vpn-server.crt
key keys/private/vpn-server.key
dh keys/dh.pem
mode server
tls-server
# HMAC signature on control-channel packets; 0 is the server-side key direction,
# so client configs must use direction 1 with the same ta.key.
tls-auth keys/ta.key 0
# VPN address pool 10.88.0.0/24; ipp.txt keeps client-to-address assignments across restarts.
server 10.88.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
# The authenticated username replaces the certificate CN as the client's identity,
# so ipp.txt and the status file are keyed by the LDAP login name.
username-as-common-name
tun-mtu 1400
# Level 2 permits built-in executables and user-defined scripts. No script hook
# (up/down/client-connect/...) appears in this file.
# NOTE(review): if none is configured elsewhere, level 1 is sufficient - confirm.
script-security 2
# Clients can reach each other directly inside OpenVPN, so that traffic does not
# pass the host firewall. NOTE(review): confirm this is intended.
client-to-client
# Left commented out: with no auth directive OpenVPN uses its default HMAC digest
# (SHA1). Do not re-enable MD5.
#auth MD5
daemon
# NOTE(review): Blowfish has a 64-bit block and is exposed to SWEET32-style birthday
# attacks on long-lived tunnels. Moving to an AES-GCM cipher (e.g. AES-256-GCM)
# has to be rolled out together with the client configs.
cipher BF-CBC
keepalive 10 120
# NOTE(review): compression before encryption can leak information about the
# plaintext (VORACLE-class attacks). Removing it requires the matching client change.
comp-lzo
max-clients 100
persist-key
persist-tun
# Status and log files; at verb 4 the log records connection details and usernames,
# so these files should not be world-readable.
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
verb 4
# Username/password verification is delegated to the LDAP plugin, configured in auth/ldap.conf.
plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-ldap.so auth/ldap.conf
# cat auth/ldap.conf
# openvpn-auth-ldap configuration: the plugin binds with the service account below,
# looks the user up under BaseDN, then verifies the password the client supplied.
<LDAP>
	# NOTE(review): plain ldap:// on 389 with TLSEnable no - the service-account bind
	# password and every VPN user's password cross the network unencrypted between
	# the VPN server and the directory. Use StartTLS (TLSEnable yes plus TLSCACertFile)
	# or an ldaps:// URL.
	URL ldap://10.12.255.9:389
	BindDN "CN=user_ghgh,OU=yhnuhui,OU=ertverter,DC=ertert,DC=ertvertv,DC=ru"
	# Bind password is stored in cleartext: keep this file readable only by the
	# account OpenVPN runs as, and give the bind account read-only directory rights.
	Password BLHyuiyuiyumyuiymwn352
	Timeout 15
	TLSEnable no
	# The plugin follows referrals returned by the directory server.
	FollowReferrals yes
</LDAP>
<Authorization>
	BaseDN "OU=retgert,OU=ertbret,DC=corp,DC=ertvertv,DC=ertvert"
	# %u is replaced with the username sent by the VPN client.
	# NOTE(review): confirm the installed plugin version escapes LDAP filter
	# metacharacters in usernames.
	SearchFilter "(sAMAccountName=%u)"
	# No group restriction: any account found under BaseDN with a valid password
	# is allowed to connect.
	RequireGroup false
</Authorization>
# IF USER EXISTS IN GROUP
# Variant of auth/ldap.conf that only authenticates users who are members of the
# ACL-VPN group. The restriction lives in SearchFilter, not in a <Group> section.
<LDAP>
	# NOTE(review): no TLS here either (ldap:// with TLSEnable no) - bind and user
	# passwords are sent to the directory in cleartext. Use StartTLS
	# (TLSEnable yes plus TLSCACertFile) or an ldaps:// URL.
	URL ldap://rtbertver
	BindDN "CN=openvpn,OU=ertvertv,OU=fghbfghb,DC=fghbfgh,DC=fghbfghb,DC=fsdfsdf"
	# Cleartext bind password: restrict file permissions and use a read-only account.
	Password DFCSDFCSDFdfdf
	Timeout 15
	TLSEnable no
	FollowReferrals yes
</LDAP>
<Authorization>
	BaseDN "ou=fdgvbdfg,ou=dgfvfdg,DC=fgbfg,DC=dfgvdf,DC=dfgvdf"
	# A user is found only if the login name matches AND the entry carries
	# memberOf=CN=ACL-VPN,...; anyone outside the group is not found, so
	# authentication fails.
	# NOTE(review): presumably Active Directory (sAMAccountName) - a plain memberOf
	# match covers direct membership only, not nested groups; verify against the directory.
	SearchFilter "(&(sAMAccountName=%u)(memberOf=CN=ACL-VPN,ou=VPN,ou=Local Security Groups,ou=Admin,DC=certver,DC=ertvertv,DC=csdfcsdf))"
	# Stays false because the group check is already done by the filter above.
	RequireGroup false
</Authorization>