Azure AD DS / opnsense

Benjamin Fellner 40 Reputation points
2023-09-11T09:36:06.97+00:00

Hi all,

I would like to ask if it's possible to connect opnsense to our azure AD (entra ID)? In general the use case would be, that we would like to authenticate users via LDAPS, which are in azure AD, so that they can use the VPN (is done on opnsense side). Like I already saw I can use Azure AD DS and set up afterwards LDAPS, is that the correct way or do you maybe know some better solutions how to establish that connection? The opnsense firewall should somehow get the user authentication from Azure AD (entra ID), check if it's fine and afterwards the user can connect via VPN.

Thanks!

Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
Microsoft Entra

Accepted answer
  1. James Hamil 17,766 Reputation points Microsoft Employee
    2023-09-11T21:16:53.92+00:00

    Hi @Benjamin Fellner, yes it's possible to connect OPNsense to Azure AD for user authentication. One way to achieve this is by using Azure AD Domain Services (Azure AD DS) and setting up LDAPS. Azure AD DS provides a managed domain service with LDAP, which you can use to authenticate users via LDAPS for VPN access on the OPNsense firewall.

    Another option is to use Azure Virtual WAN User VPN (point-to-site) with Azure AD authentication for OpenVPN protocol connections. This method allows users to connect to your VNet using Azure AD authentication.

    Please let me know if you have any questions and I can help you further.

    If this answer helps you please mark "Accept Answer" so other users can reference it.

    Thank you,

    James

    1 person found this answer helpful.
