libre-server / rolekit

'rolekit' is a daemon for Linux systems providing a stable D-BUS interface to manage the deployment of Server Roles.

New role: SSL VPN server #32

Open nmav opened 8 years ago

nmav commented 8 years ago

A setup for a server is for it to be a VPN concentrator handling logins to the LAN via the Internet. It should be easy to set up an OpenConnect VPN server for such a setup.

nmav commented 8 years ago

There are various setups possible. That is, get the accounting via RADIUS, via PAM, via GSSAPI (i.e., FreeIPA), or locally handled (via a custom password file).

sgallagher commented 8 years ago

Can you tell me more about setting it up with FreeIPA? Do you have links on how to do that? That would be the ideal case, as we're trying to build up our roles such that they integrate with our domain controller (which is FreeIPA).

nmav commented 8 years ago

Currently the steps to set up with FreeIPA are described in that blog: https://securityblog.redhat.com/2015/06/17/single-sign-on-with-openconnect-vpn-server-over-freeipa/

Let me know if something is not clear.

alxgrtnstrngl commented 8 years ago

@nmav What settings/config options would you like to have available for this role?

nmav commented 8 years ago

Hi, a minimal number of options would be:

  1. Authentication method out of:
    • pam
    • pam OR gssapi

The first would correspond to "auth = pam", the latter to "auth = pam\n enable-auth = gssapi"

  2. Listen-port (one option for TCP/UDP)
  3. max-clients
  4. network to be provided for IPv4 and IPv6 (corresponds to ipv4-network and ipv6-network)
  5. Routes to be provided to clients (IPv4 or IPv6 in route/mask format)
  6. DNS servers to be provided to clients (IPv4 or IPv6)
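
The option list above, sketched as a validate-then-render step that a role could run before writing ocserv's configuration. This is an added example, not part of the thread and not rolekit code: the settings dict layout and function names are hypothetical, and `tcp-port`, `udp-port`, `route` and `dns` are ocserv option names that the thread does not spell out.

```python
import ipaddress

# Mapping given in the thread: authentication choice -> ocserv.conf lines.
AUTH_LINES = {
    "pam": ["auth = pam"],
    "pam-or-gssapi": ["auth = pam", "enable-auth = gssapi"],
}

# Constructed sample settings; the dict keys are hypothetical names for this example.
SAMPLE = {
    "auth": "pam-or-gssapi", "listen_port": 443, "max_clients": 64,
    "ipv4_network": "10.8.0.0/24", "ipv6_network": "fd00:8::/64",
    "routes": ["192.168.10.0/24", "fd00:10::/64"],
    "dns": ["192.168.10.53", "fd00:10::53"],
}

def _positive_int(value, name, upper=float("inf")):
    if isinstance(value, bool) or not isinstance(value, int) or not 1 <= value <= upper:
        raise ValueError("%s must be a positive integer in range: %r" % (name, value))
    return value

def _network(value, version):
    # strict=True rejects values with host bits set, e.g. 10.8.0.1/24.
    net = ipaddress.ip_network(value, strict=True)
    if net.version != version:
        raise ValueError("%s is not an IPv%d network" % (value, version))
    return net

def _route(value):
    net = ipaddress.ip_network(value, strict=True)
    # IPv4 routes are emitted as network/netmask, IPv6 routes with a prefix length.
    return net.with_netmask if net.version == 4 else net.with_prefixlen

def render_ocserv_settings(s):
    """Validate the role settings and return the matching ocserv.conf lines."""
    if s.get("auth") not in AUTH_LINES:
        raise ValueError("unsupported authentication method: %r" % (s.get("auth"),))
    lines = list(AUTH_LINES[s["auth"]])
    port = _positive_int(s["listen_port"], "listen_port", 65535)
    lines += ["tcp-port = %d" % port, "udp-port = %d" % port]  # one option for both
    lines.append("max-clients = %d" % _positive_int(s["max_clients"], "max_clients"))
    if not (s.get("ipv4_network") or s.get("ipv6_network")):
        raise ValueError("at least one client network is required")
    for key, version in (("ipv4_network", 4), ("ipv6_network", 6)):
        if s.get(key):
            lines.append("ipv%d-network = %s" % (version, _network(s[key], version)))
    lines += ["route = %s" % _route(r) for r in s.get("routes", [])]
    lines += ["dns = %s" % ipaddress.ip_address(d) for d in s.get("dns", [])]
    return lines
```

Rejecting malformed values before anything is written keeps a typo in a role setting from producing a VPN configuration that differs from what the administrator intended.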