OpenVPN via LDAP

OpenVPN authentication with LDAP, powered by Foxpass.

Before you get started...

A member of the Foxpass community, Aaron Vinson, has released a Docker container with OpenVPN integrated with Foxpass. Check it out here: https://github.com/avinson/foxpass-openvpn.

Here's how to set up OpenVPN authentication with LDAP, powered by Foxpass.

First, log into Foxpass and do the following:

  1. Note your Base DN on the dashboard page. Copy/paste it somewhere.
  2. Create an LDAP Binder account with the name 'openvpn' on the LDAP binders page. Copy/paste the generated password! It is only displayed once.

OpenVPN LDAP configuration:

<LDAP>
    # LDAP server URL
    URL ldaps://ldap.foxpass.com

    # Bind DN (the LDAP binder account created above)
    BindDN cn=<binder name>,dc=example,dc=com

    # Bind Password
    Password "********"

    # Network timeout (in seconds)
    Timeout         15

    # Disable Start TLS (the ldaps:// URL above already uses TLS)
    TLSEnable       no

    # Follow LDAP Referrals (anonymously)
    FollowReferrals yes

    # TLS CA Certificate File
    #TLSCACertFile  /usr/local/etc/ssl/ca.pem

    # TLS CA Certificate Directory
    #TLSCACertDir   /etc/ssl/certs

    # Client Certificate and key
    # If TLS client authentication is required
    #TLSCertFile    /usr/local/etc/ssl/client-cert.pem
    #TLSKeyFile     /usr/local/etc/ssl/client-key.pem

    # Cipher Suite
    # The defaults are usually fine here
    # TLSCipherSuite        ALL:!ADH:@STRENGTH
</LDAP>

<Authorization>
    # Base DN
    BaseDN "ou=people,dc=example,dc=com"

    # User Search Filter
    SearchFilter    "(&(uid=%u))"

    # Require Group Membership
    RequireGroup    false

    # If you want to limit to certain group(s), set RequireGroup to true (above),
    # uncomment the block below, and edit its BaseDN and SearchFilter lines
    #<Group>
    #       BaseDN          "ou=groups,dc=example,dc=com"
    #       SearchFilter    "(|(cn=developers)(cn=artists))"
    #       MemberAttribute member
    #</Group>
</Authorization>
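
A pre-deployment check for this file, as an added example (not Foxpass's or the plugin's own code): it parses the configuration and flags a cleartext LDAP transport and a group restriction that is configured but not enforced. It assumes the settings sit inside `<LDAP>` and `<Authorization>` sections; the function names and the sample strings are constructed for illustration.

```python
import re

def parse_auth_ldap(text):
    """Parse auth-ldap.conf text into {"LDAP": {...}, "Authorization/Group": {...}}."""
    sections, stack = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tag = re.fullmatch(r"<(/?)(\w+)>", line)
        if tag and tag.group(1):  # closing tag must match the innermost open section
            if not stack or stack.pop() != tag.group(2):
                raise ValueError(f"line {n}: unexpected {line}")
        elif tag:  # opening tag starts a (possibly nested) section
            stack.append(tag.group(2))
            sections["/".join(stack)] = {}
        elif not stack:
            raise ValueError(f"line {n}: setting outside a section")
        else:
            key, *rest = line.split(None, 1)
            sections["/".join(stack)][key] = rest[0].strip('"') if rest else ""
    if stack:
        raise ValueError(f"unclosed <{stack[-1]}>")
    return sections

def audit(text):
    """Return findings for the transport and group settings used on this page."""
    cfg = parse_auth_ldap(text)
    ldap, authz = cfg.get("LDAP", {}), cfg.get("Authorization", {})
    findings = []
    # Assumption: a missing TLSEnable is treated as "no" (the conservative reading).
    starttls = ldap.get("TLSEnable", "no").lower() in ("yes", "true")
    if not ldap.get("URL", "").startswith("ldaps://") and not starttls:
        findings.append("cleartext LDAP: use ldaps:// or TLSEnable yes")
    require = authz.get("RequireGroup", "false").lower() in ("yes", "true")
    if require != ("Authorization/Group" in cfg):
        findings.append("RequireGroup and <Group> block disagree")
    return findings

# Constructed sample inputs: the page's settings, then a weakened variant.
PAGE = """<LDAP>
URL ldaps://ldap.foxpass.com
TLSEnable no
</LDAP>
<Authorization>
RequireGroup false
</Authorization>"""
WEAK = PAGE.replace("ldaps://", "ldap://").replace(
    "RequireGroup false", "RequireGroup false\n<Group>\nMemberAttribute member\n</Group>")
```

`audit(PAGE)` returns no findings, while `audit(WEAK)` reports both the `ldap://` transport and the `<Group>` block that `RequireGroup false` leaves unenforced.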