Active Directory Based Site to Multi Sites Open VPN Solution

nwclasantha · Post by **nwclasantha** » Wed Apr 24, 2013 4:24 pm

Active Directory Based Site to Multi Sites Open VPN Solution

PNG.jpg

Using username+password authentication with OpenVPN is desirable for many reasons. It makes controlling access by individuals simple and fine-grained, and saves generating keys for everyone that needs to connect. In this article, I will be showing how to configure OpenVPN to authenticate against a Windows Active Directory server. The first step is to create an application that will act as an authenticator. Below is such a program, written in Perl of course.

??? ??? ???? ???? ??????? ??????? 10000 ????? ??? 256 bit Encrypted ?? Compressed Traffics ??? ?????? ?????? ?? ??? ???????? ????? ?????? ???? ?????????. ??? CentOS ?? Open VPN GPL License ???? ??????? ???? .. ??? ??????? ????? Servers ??? ????? ADSL/ Leased Line ?????? ?? ? ???????? ????? ???? ???? ???? ... !

???? ???????? ?????? ??????? ???????????? ?? ?????? ???????????? ??? ??????? ???? VPN Access Server ??? Users ?? ???????? ?? ????? .! Office - to - Office ??????? ???? ???? Client VPN Servers ??? ?????? ???? ??????? ?? ??? ???? .??? ????????? ??? ???????? ??????? Active Directory ??? ?????? ??????? ?? ?? ..

Active Directory ? ??? ???????? ?? ????? ?????? ???? ??? ??? VPN Client Software ?? ???? ???????? ??????? / ??????? ??????? ???? ??????? ???? ??????? ???? ???????.

???? ????? IPSec, L2TP, PPTP ???? ???? ???? VPN ?????? ???????? ??? ??????? ?? ??? ????? ???? ???? ..!?????? ?????? ??? ??????? ?????? ? ???????? ?? ??? ??????? ??????? ??????? ?? ???? ??????? ??????? ..!

Troubleshooting

1. There are quite a few pieces that have to play nicely together to get OpenVPN working correctly. Here are a few tools that come in handy if things don't work smoothly right out of the gates.

2. Check the OpenVPN logs There is lots of good information in there that can point you right to the problem. This is especially handy when tweaking the config files.

3. Increase the verbosity This will show you more of what OpenVPN is thinking. A verbosity level of 5 or 6 is pretty handy for high level checking, anything higher is great for really tracking where packets are going.

4. Use "tcpdump" tcpdump is a great network troubleshooting tool, especially since both OpenVPN machines are acting as routers. Check the tcpdump man page for more details.

5. Take baby steps! Build up the VPN incrementally and test the connection along the way. (i.e. bring up

PLEASE DOWNLOAD AND READ MY STEP BY STEP FULL PDF ARTICLE AS MUCH AS POSSIBLE.
(DESIGEND , DOCUMEMTED AND TESTED BY CHANAKA LASANTHA NANAYAKKARA WAWAGE)

open-vpn-fw-auto-config-script.rar