By Greg Keller Posted March 10, 2015
There are many reasons why OpenVPN is a popular “open-source virtual private network” solution. However, when done manually, the process of managing users for OpenVPN can be a time-consuming chore and a potential security risk.
And organizations often turn to a lightweight directory access protocol (LDAP) as a means to manage user directories, but LDAP can also be a challenge to manage efficiently.
By connecting OpenVPN to our managed LDAP solution, JumpCloud’s Directory-as-a-Service (DaaS) harnesses the computing power of both systems, making it easy, fast and secure to manage users.
What’s more? IT administrators benefit a number of ways:
- JumpCloud offers one central place to manage user credentials, saving time and effort.
- Users effectively get a single sign-on for their technical applications.
- We offer increased security and reduce the risk of users gaining unauthorized access.
- You can leverage groups to make it easy to manage roles as well.
In order to manage OpenVPN users easily and swiftly, simply populate your users in our directory and then engage OpenVPN to authenticate them via a secure LDAP endpoint. It only requires minimal configuration on the OpenVPN application side. You’ll get strong control over the VPN without any of the heavy lifting.
Here’s How to Manage OpenVPN Users With JumpCloud:
STEP 1: Setup your JumpCloud account and create an LDAP Bind user in addition to adding employee user accounts.
If you don’t already have a JumpCloud account, please set one up. After you register, add the users to the directory who need access to OpenVPN for authentication and authorization.
With respect to integrating JumpCloud with applications and services via LDAP, we recommend that you create a service account, known as a “Bind User” in LDAP parlance in your directory. This Bind User will give the app the authority to search the user directory via ldapsearch. This user will be leveraged within the integration configurations below. To create this “Bind User,” follow these steps:
A) Click the “Add User” button in the Users page of the JumpCloud console when logged in as an Administrator.
B) Fill in the “Bind User” details in the manner you see below. Please note: You must enable the “LDAP binding user service account” check box for this user to function as intended.
C) Create a password for this user and Save. The LDAP Bind User is not verified.
STEP 2: Configure OpenVPN to authenticate to the JumpCloud LDAP endpoint.
A) Enable LDAP and obtain your Organization ID- You must enable LDAP and this is done simply by navigating to the “Settings” pane via the left nav. Simple toggle LDAP ‘on’ and when done, your LDAP Org ID will become unveiled:
B) Next go to OpenVPN and open the LDAP Configuration (see below). Use the following values for the LDAP Settings:
Primary Server: ldap.jumpcloud.com:636
Use SSL to connect to LDAP server [check the box]
Bind DN: uid=[YOUR-LDAP-BIND-USERNAME-PER-ABOVE],ou=Users,o=[YOUR-ORG-ID-PER-ABOVE],dc=jumpcloud,dc=com
Password: Your LDAP Bind User’s Password per above.
Base DN for User Entries: ou=users,o=[YOUR-ORG-ID-PER-ABOVE],dc=jumpcloud,dc=com
Username Attribute: uid
STEP 3: Assuming you created additional employee accounts within the directory (e.g. the ‘janedba’ user seen below), enter in the JumpCloud user name and the user’s password to test the OpenVPN-to-JumpCloud authentication connection.
Instead of starting up your own LDAP system or managing it, easily leverage JumpCloud’s hosted LDAP and connect it to all of your critical apps. You’ll be good to go! Your users will also appreciate this, as their single account will be used for technical applications as well.
If you’ve implemented OpenVPN within your organization and want to simplify the user management—and increase security—give JumpCloud a try. We offer 10 free users forever!