Nikolay Dachev NikolayDachev

@NikolayDachev
NikolayDachev / freeipa-openvpn.md
Created June 1, 2022 14:36 — forked from rechner/freeipa-openvpn.md
FreeIPA setup for OpenVPN logins

This article proved to be a decent starting point, but I was particularly interested in allowing password-based logins to OpenVPN using a username/password backed by FreeIPA (as opposed to client certificates) as the identity provider.

  • IPA join your VPN machine: ipa-client-install --mkhomedir
  • Get a kerberos ticket: kinit
  • Create a Kerberos service principal and HBAC rule for openvpn access:
ipa service-add openvpn/`hostname`
  • Create new hbacrule in console, mark host as the VPN host, and whatever group you want to restrict access to:
@NikolayDachev
NikolayDachev / mikrotik-wifi-switch.rsc
Created June 28, 2020 21:22 — forked from sebastian13/mikrotik-cap-button-slack.rsc
Script to enable & disable wifi on a Mikrotik cAP AC managed by a CAPsMAN using the Mode Button
:log info message=("mode button was pressed");
:local i
:if ([/int wir cap get enabled] = true) do={
/interface wireless cap set enabled=no;
:global SlackMessage "Mode button was pressed. CAP is now disabled.";
:if ( [/int wir get 0 disabled ] = false ) do={
:foreach i in= [ /int wir find ] do={ :int wir disable $i };
}
} else={