Task #4231
closed
Task #4227: Activate a VPN service to grant complete access to the servers network from outside
Better authentication system for the openvpn server
Status: Closed
Priority: Normal
Assignee: _InfraScience Systems Engineer
Category: System Application
Target version:
Start date: Jun 11, 2016
Due date:
% Done: 100%
Estimated time:
Infrastructure: Development, Pre-Production, Production
Description
We are using the pam module with local users, right now.
A more secure and manageable system should use a 2FA authentication:
- local certificates (the personal INFN ones are OK)
- username authentication via LDAP (a special group is needed to not open access to everyone)
Related issues
Updated by Andrea Dell'Amico about 9 years ago
- Related to Task #4229: Configure OpenVPN on gw.d4science.org added
Updated by Andrea Dell'Amico about 9 years ago
Different routes for different users could also be used, so that we can access the console servers without exposing them to all the people.
Updated by Andrea Dell'Amico almost 9 years ago
- Status changed from New to In Progress
Update: the openldap-auth-ldap package is broken, openvpn crashes when the plugin is used. Need to find another way.
Updated by Andrea Dell'Amico almost 9 years ago
- % Done changed from 0 to 50
We are now authenticating against the LDAP server. An external Perl script is doing the checks against the LDAP server and the vpn_users group.
Updated by Andrea Dell'Amico almost 9 years ago
- Status changed from In Progress to Closed
- % Done changed from 50 to 100
Certificate authentication is enabled too.
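
A sketch of the kind of external check described in this ticket, added here as an example and not the Perl script actually deployed. It is written in Python, and it assumes the script is called through OpenVPN's `auth-user-pass-verify ... via-file` hook, that the third-party `ldap3` library is installed, and that the directory uses the constructed host name, DNs and `memberUid` group attribute shown.

```python
# Added example: helper for OpenVPN's "auth-user-pass-verify <script> via-file".
import re
import sys

# Assumed directory layout (constructed values, not from the ticket).
LDAP_URI = "ldaps://ldap.example.org"
USER_DN = "uid={uid},ou=People,dc=example,dc=org"
GROUP_DN = "cn=vpn_users,ou=Groups,dc=example,dc=org"
# Strict allowlist so the name is safe inside a DN and a search filter.
UID_RE = re.compile(r"[a-z][a-z0-9._-]{0,31}")

def read_credentials(path):
    """via-file: OpenVPN writes the username on line 1, the password on line 2."""
    with open(path, encoding="utf-8") as fh:
        lines = fh.read().splitlines()
    if len(lines) < 2:
        raise ValueError("credentials file incomplete")
    return lines[0], lines[1]

def ldap_check(uid, password):
    """Bind as the user, then require membership of the VPN group."""
    from ldap3 import BASE, Connection, Server  # third-party, loaded lazily
    conn = Connection(Server(LDAP_URI), user=USER_DN.format(uid=uid),
                      password=password)
    if not conn.bind():
        return False
    try:
        return bool(conn.search(GROUP_DN, f"(memberUid={uid})",
                                search_scope=BASE))
    finally:
        conn.unbind()

def authorize(path, check=ldap_check):
    """Return the exit status OpenVPN expects: 0 allows, 1 denies."""
    try:
        uid, password = read_credentials(path)
    except (OSError, ValueError):
        return 1
    # An empty password makes an unauthenticated bind that some servers accept.
    if not password or not UID_RE.fullmatch(uid):
        return 1
    try:
        return 0 if check(uid, password) else 1
    except Exception:  # directory unreachable, ldap3 missing: fail closed
        return 1

if __name__ == "__main__":
    sys.exit(authorize(sys.argv[1]))
```

Because the server still requires a client certificate, a successful exit from this script is only the second factor; every error path returns 1 so that a directory outage denies access instead of granting it.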