More actions
No edit summary |
No edit summary |
||
(4 intermediate revisions by the same user not shown) | |||
Line 2: | Line 2: | ||
== History == | == History == | ||
The [[Network: Road Warrior VPN]] was setup to enable remote access to internal sysadminafterdark operations. After considerable research, we determined OpenVPN running on [[Hardware: SAD-HME-FW01]] was the best choice for the business because it is highly documented, easy to setup, and integrates with [[Authentication: Microsoft NPS]] and [[Authentication: Cisco DUO]]. This entry describes how to pair these technologies with OpenVPN. | The [[Network: Road Warrior VPN]] was setup to enable remote access to internal sysadminafterdark operations. After considerable research, we determined OpenVPN running on [[Hardware: SAD-HME-FW01]] was the best choice for the business because it is highly documented, easy to setup, and integrates with [[Authentication: Microsoft NPS]] and [[Authentication: Cisco DUO]]. This entry describes how to pair these technologies with OpenVPN. | ||
== Certificate Authority Deployment == | |||
It is highly recommended to setup certificate authority and self-signed user certificates. In later steps, we will enable password and certificate authentication. When I was playing with these concepts, I can confirm it worked without forcing a certificate check, but I would highly recommend both methods be used. Eventually, I'd like to attempt to integrate Windows Certificate Authority, but this is not on the books at this time. | |||
# Login to your OPNsense firewall. |
Latest revision as of 00:41, 20 May 2024
History
The Network: Road Warrior VPN was setup to enable remote access to internal sysadminafterdark operations. After considerable research, we determined OpenVPN running on Hardware: SAD-HME-FW01 was the best choice for the business because it is highly documented, easy to setup, and integrates with Authentication: Microsoft NPS and Authentication: Cisco DUO. This entry describes how to pair these technologies with OpenVPN.
Certificate Authority Deployment
It is highly recommended to setup certificate authority and self-signed user certificates. In later steps, we will enable password and certificate authentication. When I was playing with these concepts, I can confirm it worked without forcing a certificate check, but I would highly recommend both methods be used. Eventually, I'd like to attempt to integrate Windows Certificate Authority, but this is not on the books at this time.
- Login to your OPNsense firewall.