Azure AD DS / opnsense

Benjamin Fellner 105 Reputation points
2023-09-11T09:36:06.97+00:00

Hi all,

I would like to ask if it's possible to connect OPNsense to our Azure AD (Entra ID)? In general the use case would be that we would like to authenticate users via LDAPS, which are in Azure AD, so that they can use the VPN (is done on OPNsense side). Like I already saw I can use Azure AD DS and set up LDAPS afterwards, is that the correct way or do you maybe know some better solutions how to establish that connection? The OPNsense firewall should somehow get the user authentication from Azure AD (Entra ID), check if it's fine and afterwards the user can connect via VPN.

Thanks!


Accepted answer
  1. James Hamil 24,131 Reputation points Microsoft Employee
    2023-09-11T21:16:53.92+00:00

    Hi @Benjamin Fellner, yes, it's possible to connect OPNsense to Azure AD for user authentication. One way to achieve this is by using Azure AD Domain Services (Azure AD DS) and setting up LDAPS. Azure AD DS provides a managed domain service with LDAP, which you can use to authenticate users via LDAPS for VPN access on the OPNsense firewall.

    Another option is to use Azure Virtual WAN User VPN (point-to-site) with Azure AD authentication for OpenVPN protocol connections. This method allows users to connect to your VNet using Azure AD authentication.

    Please let me know if you have any questions and I can help you further.

    If this answer helps you please mark "Accept Answer" so other users can reference it.

    Thank you,

    James

    1 person found this answer helpful.
