Azure AD DS / opnsense

Benjamin Fellner 105 Reputation points
2023-09-11T09:36:06.97+00:00

Hi all,

I would like to ask if it's possible to connect OPNsense to our Azure AD (Entra ID). In general, the use case would be that we would like to authenticate users who are in Azure AD via LDAPS, so that they can use the VPN (which is done on the OPNsense side). As I already saw, I can use Azure AD DS and set up LDAPS afterwards; is that the correct way, or do you maybe know some better solutions for how to establish that connection? The OPNsense firewall should somehow get the user authentication from Azure AD (Entra ID), check if it's fine, and afterwards the user can connect via VPN.

Thanks!

Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Microsoft Entra | Other

Accepted answer
  1. James Hamil 27,221 Reputation points Microsoft Employee Moderator
    2023-09-11T21:16:53.92+00:00

    Hi @Benjamin Fellner, yes, it's possible to connect OPNsense to Azure AD for user authentication. One way to achieve this is by using Azure AD Domain Services (Azure AD DS) and setting up LDAPS. Azure AD DS provides a managed domain service with LDAP, which you can use to authenticate users via LDAPS for VPN access on the OPNsense firewall.

    Another option is to use Azure Virtual WAN User VPN (point-to-site) with Azure AD authentication for OpenVPN protocol connections. This method allows users to connect to your VNet using Azure AD authentication.

    Please let me know if you have any questions and I can help you further.

    If this answer helps you please mark "Accept Answer" so other users can reference it.

    Thank you,

    James

    2 people found this answer helpful.
