Authentication

OPNsense, Active Directory, OpenVPN and 🔒 TOTP

January 26, 2020

Some say it couldn’t be done; I’d like to prove otherwise.

I recently did a project where the combination from the title would come in handy: a secure VPN server that uses an existing Windows Active Directory setup.

After everything is set up, you have an OpenVPN server that authenticates using Active Directory and requires a TOTP token, all running on OPNsense.

Alright, let’s get to work! First, go to System > Access > Servers and click Add. Use the following info, replacing data to fit your environment.

Read more →

SSHFP 🔑 is pretty cool

January 18, 2019

Recently, a colleague told me about the existence of SSHFP DNS records, a way to verify that you’re actually connecting to the host you’re expecting to connect to.

Here’s how you can set it up for yourself:

1: Run this command

➜  ~ ssh-keygen -r $hostname

2: ???

3: Profit!

In all seriousness: you’re now going to see the records you need to add that are specific to the server you ran the command on. It looks something like this:

Read more →