Authentication Of The Client Bundle - Brocade Communications Systems 5600 Reference Manual


By default, no client bundle is generated unless an operating system is explicitly configured.
The following example shows how to create, on commit, client bundles for all three operating systems.
TABLE 19 Configuring the operating systems

Step: Configure OS X as the target operating system for which to create a client bundle.
Command: vyatta@vyatta# set interfaces openvpn vtunX client-bundle osx

Step: Generate the generic client bundle, which consists of a standard OpenVPN-formatted configuration file.
Command: vyatta@vyatta# set interfaces openvpn vtunX client-bundle generic

Step: Configure Linux as the target operating system for which to create a client bundle.
Command: vyatta@vyatta# set interfaces openvpn vtunX client-bundle linux

Authentication of the client bundle
Authentication of the SSL-VPN client bundle is accomplished with a username and password, which together
form the authentication token; TLS client certificates are not used. Authentication can be performed against
a set of local service users maintained on the Brocade vRouter, or against a central identity management
system such as a cooperating directory server (for example, LDAP).
Management of local service users and authentication against a central identity management system are
covered in Service User Management.
The SSL-VPN client authentication configuration only needs to reference one or more of the following:
• Authentication profiles of central identity management systems
• Local service users
• Groups of local service users
Any change to service-user authentication, such as adding or removing a local service user, or adding or
changing an LDAP authentication profile, does not require a change to existing client bundles.
Because client bundles are independent of users, no such change requires a change to existing client
setups. A change to service-user authentication also does not require a restart of the SSL-VPN server, and
it does not terminate existing client connections.
Authentication methods can be combined for the same SSL-VPN instance, for example to authenticate
against multiple LDAP servers as well as local service users. As soon as one of these authentication
resources grants access, the SSL-VPN connection is authorized and access to that SSL-VPN instance is
permitted. Because the resources are combined as alternatives, every resource configured for an instance
must be trusted to the same degree: a weak password policy on any one of them is sufficient to gain access.
SSL-VPN access for a local service user
By default, no local service user is granted access to any SSL-VPN endpoint. Fine-grained access control
is achieved by explicitly referring to the service user or group of service users that is granted access.
The following example shows how to create the alice and bob local service users and grant them access to
the vtunX OpenVPN interface.
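Because the client bundle is a standard OpenVPN-formatted configuration file and the only client-side secret is the username and password, the thing worth checking before handing a bundle out is that it asks the client for credentials, carries no client certificate, and makes the client verify the server before it sends the password. The following added example (not part of the Brocade guide and not Brocade code; it does not reproduce the vRouter's real bundle output) is a small lint that parses such a file, including inline `<ca>` blocks, and reports those problems. The sample bundle, its hostname, port and CA placeholder are constructed for the example; the directive names are standard OpenVPN.

```python
"""Sanity-check an OpenVPN client bundle meant for username/password authentication.

Added example: not Brocade vRouter code. It parses a standard OpenVPN-formatted
client configuration (a constructed sample below) and flags settings that matter
when the client authenticates with a username and password and no client certificate.
"""
import re

# Constructed sample bundle (assumption: this is what a generic vtunX bundle
# might resemble). Hostname, port and the CA certificate body are placeholders.
SAMPLE_BUNDLE = """\
client
dev tun
proto udp
remote vpn.example.net 1194
nobind
persist-key
persist-tun
auth-user-pass
remote-cert-tls server
verb 3
<ca>
-----BEGIN CERTIFICATE-----
MIIB...placeholder...
-----END CERTIFICATE-----
</ca>
"""

# Constructed weak variant: server identity is not pinned and the password is
# stored in a file next to the bundle, so the bundle is no longer user-independent.
WEAK_BUNDLE = (SAMPLE_BUNDLE
               .replace("remote-cert-tls server\n", "")
               .replace("auth-user-pass\n", "auth-user-pass creds.txt\n"))


def parse_ovpn(text):
    """Return (directives, inline_blocks).

    directives: directive name -> list of argument lists (a directive such as
                'remote' may legitimately appear more than once).
    inline_blocks: block name -> body text for <tag> ... </tag> sections.
    """
    directives = {}
    blocks = {}
    lines = iter(text.splitlines())
    for raw in lines:
        line = raw.strip()
        if not line or line[0] in "#;":      # blank or comment line
            continue
        m = re.fullmatch(r"<([a-z-]+)>", line)
        if m:                                  # inline block, e.g. <ca>
            name = m.group(1)
            body = []
            for inner in lines:
                if inner.strip() == f"</{name}>":
                    break
                body.append(inner)
            blocks[name] = "\n".join(body)
            continue
        parts = line.split()
        directives.setdefault(parts[0], []).append(parts[1:])
    return directives, blocks


def check_bundle(text):
    """Return a list of findings; an empty list means the bundle looks sane."""
    directives, blocks = parse_ovpn(text)
    findings = []
    # The server authenticates with username/password only: the client must
    # prompt for credentials and must not be carrying a client certificate.
    if "auth-user-pass" not in directives:
        findings.append("missing auth-user-pass: client will not prompt for credentials")
    if any(k in directives or k in blocks for k in ("cert", "key")):
        findings.append("client certificate/key present, but the server uses username/password authentication")
    # With no client certificate the password is the only secret, so the client
    # must be able to verify it is talking to the real server before sending it.
    if "ca" not in directives and "ca" not in blocks:
        findings.append("no CA configured: server certificate cannot be verified")
    if "remote-cert-tls" not in directives and "verify-x509-name" not in directives:
        findings.append("no remote-cert-tls/verify-x509-name: any certificate signed by the CA is accepted as the server")
    # 'auth-user-pass <file>' embeds one user's credentials in a bundle that is
    # supposed to be independent of users and shared across them.
    for args in directives.get("auth-user-pass", []):
        if args:
            findings.append(f"credentials stored in file {args[0]}: bundle is no longer user-independent")
    if not directives.get("remote"):
        findings.append("no remote: nothing to connect to")
    return findings


if __name__ == "__main__":
    for label, bundle in (("sample", SAMPLE_BUNDLE), ("weak", WEAK_BUNDLE)):
        print(f"[{label}]")
        for finding in check_bundle(bundle) or ["bundle OK"]:
            print("  " + finding)
```

The check for `remote-cert-tls` or `verify-x509-name` is the one most often missing from hand-edited bundles: without it, any certificate issued by the configured CA is accepted as the VPN server, and a username/password client will hand its credentials to whoever presents one.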
Brocade 5600 vRouter OpenVPN Reference Guide
53-1003719-03