Free LDAP + VPN to self host, does it even exist?

Hey guys,

I’m currently looking into a free way to set up an LDAP + VPN combination to host some software for a group of historians who want to come together and collaborate on a project in their free time.

I’ve looked around for a week now and almost immediately found OpenLDAP, which sounded just awesome. I set it up and it just worked. But for the second part I just have no idea what to do now. I set up two types of OpenVPN, which are both not really working out in their own way. The first one I installed through an article which gave me logins with certificates, which is just not going to work with the 40+ year old people, and the second one has a limit of only two connections at the same time, which is disgusting for something that calls itself “openvpn”.

I have now spent the last 6 hours looking for better services, software, etc. and found some interesting sites about several VPNs where they compare but not actually compare them, because they only find other ways to describe how well they are working and how on top of the game they are. Most of them have hidden subscriptions and I just feel lost and helpless at this point, thinking that the best VPN would be to just open my whole network to the public and hope for the best.

What are you guys running with? It doesn’t need to be OpenLDAP. I just want to have a user management or single sign-on system that can be used with an open source VPN and can preferably be used with Nextcloud.

Please, if anyone has any recommendations, I’m just clueless at this point. I have no one else I could ask, even the computer science professors have never even touched a server before. And I really mean that any recommendations are welcome.

The two-connection limit is OpenVPN Access Server, which is not free. You can set up the free version of OpenVPN to use LDAP using the openvpn-auth-ldap plugin.

Also check out Pritunl. I had tried it once and it was pretty good. It has a GUI for user management and configuration. A lot easier than the free version of OpenVPN’s file-based config.

Also you can use an OPNsense appliance, and connect the auth to an LDAP/IPA server.

I’ve been using it for years and it works like a charm.

What’s your router? If it’s an ASUS router, install ASUS WRT Merlin. VPN is built in.

Would PiVPN work for you in this case?

Keep good backups.

My first reaction: Do you want such a project to be your first test of self-hosted LDAP and VPN? Maybe they should use Google Docs or something instead.

If you have fewer than 10 users I would go with JumpCloud for LDAP/auth (free for fewer than 10 users). You can then choose any VPN setup you see fit and do auth via LDAP or RADIUS.

Oh wow, that sounds exactly like what I wanted. I’m definitely going to check out Pritunl too and get back to you tomorrow if it worked or not. Thank you so much.

Pritunl looks fun. I’ll give it a go, thanks a lot!

OPNsense sounds intriguing, the 2FA aspect together with an integrated VPN sounds awesome. I’m definitely going to try that out, thank you mate!

Might be, but I’m not hosting on Raspberry Pis.

I’m currently self-hosting a lot of stuff, I just never had the need to give someone else access from outside my network. Everything I have is running on a mirror RAID and I make backups once a week which I save in the cloud.

+1 for JumpCloud, adding ZeroTier in? JumpCloud to manage access and ZeroTier to manage the VPN?

Hey, Brandon with JumpCloud here — I’ll second that suggestion of our Cloud Directory Platform for your described use case. Our LDAP-as-a-Service is free for up to 10 users and 10 systems, with no trial expiry. Our Knowledge Base has articles for configuring OpenVPN authentication using either LDAP or RADIUS, and other VPNs that support either the RFC 2307 LDAP schema or the RADIUS protocol are expected to work as well. You can check us out for free at either https://www.jumpcloud.com/demo or https://console.jumpcloud.com/signup, no credit card required.

Pritunl is pretty good. You may also like Subspace. Though I think Pritunl, given the corporate sponsorship, gets more updates.

It is possible to do it separately, but I found that this solution, plus the high-availability possibility, was a win-win for me.

It’s not made for Raspberry Pi only. I’m hosting it on a PC.

Okay, just checking.

Brilliant. ZeroTier would be as close to zero config as possible.