Toggle search
Toggle menu
18
19
1
893
sysadminafterdark docs
Toggle personal menu
Not logged in
Your IP address will be publicly visible if you make any edits.

Network: Road Warrior VPN: Difference between revisions

From sysadminafterdark docs
More actions
No edit summary
No edit summary
 
(2 intermediate revisions by the same user not shown)
Line 3: Line 3:
The [[Network: Road Warrior VPN]] was setup to enable remote access to internal sysadminafterdark operations. After considerable research, we determined OpenVPN running on [[Hardware: SAD-HME-FW01]] was the best choice for the business because it is highly documented, easy to setup, and integrates with [[Authentication: Microsoft NPS]] and [[Authentication: Cisco DUO]]. This entry describes how to pair these technologies with OpenVPN.
The [[Network: Road Warrior VPN]] was setup to enable remote access to internal sysadminafterdark operations. After considerable research, we determined OpenVPN running on [[Hardware: SAD-HME-FW01]] was the best choice for the business because it is highly documented, easy to setup, and integrates with [[Authentication: Microsoft NPS]] and [[Authentication: Cisco DUO]]. This entry describes how to pair these technologies with OpenVPN.


== Certificate Deployment ==
== Certificate Authority Deployment ==
It is highly recommended at A certificate authority be stood up on the firewall. In later steps, we will enable password and certificate authentication. When I was playing with this concept, I can confirm it worked without forcing a certificate check, but I would highly recommend that both methods be used.
It is highly recommended to setup certificate authority and self-signed user certificates. In later steps, we will enable password and certificate authentication. When I was playing with these concepts, I can confirm it worked without forcing a certificate check, but I would highly recommend both methods be used. Eventually, I'd like to attempt to integrate Windows Certificate Authority, but this is not on the books at this time.


# Login to your OPNsense firewall.
# Login to your OPNsense firewall.

Latest revision as of 00:41, 20 May 2024

History

The Network: Road Warrior VPN was setup to enable remote access to internal sysadminafterdark operations. After considerable research, we determined OpenVPN running on Hardware: SAD-HME-FW01 was the best choice for the business because it is highly documented, easy to setup, and integrates with Authentication: Microsoft NPS and Authentication: Cisco DUO. This entry describes how to pair these technologies with OpenVPN.

Certificate Authority Deployment

It is highly recommended to setup certificate authority and self-signed user certificates. In later steps, we will enable password and certificate authentication. When I was playing with these concepts, I can confirm it worked without forcing a certificate check, but I would highly recommend both methods be used. Eventually, I'd like to attempt to integrate Windows Certificate Authority, but this is not on the books at this time.

  1. Login to your OPNsense firewall.
Retrieved from "https://docs.sysadminafterdark.com:443/index.php?title=Network:_Road_Warrior_VPN&oldid=440"
Last modified
This page was last edited on 20 May 2024, at 00:41.