Using LDAP as a backend authentication mechanism

Normally, the security of a VPN is based on a X.509 certificate / private key pair, which all users of the VPN must possess in order to gain access. The security of your VPN can be further increased by requiring users to also supply a username and password when they connect to the OpenVPN server.

On the server side, the verification of the username and password can be done using several mechanisms:

  • Using a server-side password file that contains the username and their hashed passwords.
  • Using PAM (short for Pluggable Authentication Module), which is normally included in all Linux/UNIX operating systems.
  • Using a central directory server based on Lightweight Directory Access Protocol (LDAP). Note that ...

Get Mastering OpenVPN now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.