website/docs: Add Integrations/Provider/OPNsense (#1777)
* website/docs: Add Integrations/Provider/OPNsense * website/docs: Add missing steps + fix recs * website/docs: authentik starts lowercase
This commit is contained in:
parent
84e126a32c
commit
1f05eaa420
|
@ -0,0 +1,96 @@
|
|||
---
|
||||
title: OPNsense
|
||||
---
|
||||
|
||||
## What is OPNsense
|
||||
|
||||
From https://opnsense.org/
|
||||
|
||||
:::note
|
||||
OPNsense is a free and Open-Source FreeBSD-based firewall and routing software. It is licensed under an Open Source Initiative approved license.
|
||||
:::
|
||||
|
||||
:::note
|
||||
This is based on authentik 2021.10.3 and OPNsense 21.7.4-amd64 installed using https://docs.opnsense.org/manual/install.html. Instructions may differ between versions.
|
||||
:::
|
||||
|
||||
## Preparation
|
||||
|
||||
The following placeholders will be used:
|
||||
|
||||
- `authentik.company` is the FQDN of authentik.
|
||||
- `opnsense-user` is the name of the authentik Service account we'll create.
|
||||
- `DC=ldap,DC=goauthentik,DC=io` is the Base DN of the LDAP Provider (default)
|
||||
|
||||
### Step 1
|
||||
|
||||
In authentik, create a service account (under _Identity & Cryptography/Users_) for OPNsense to use as the LDAP Binder.
|
||||
|
||||
In this example, we'll use `opnsense-user` as the Service account's username
|
||||
|
||||
:::note
|
||||
Take note of the password for this user as you'll need to give it to OPNsense in _Step 4_.
|
||||
:::
|
||||
|
||||
### Step 2
|
||||
|
||||
In authentik, create an _LDAP Provider_ (under _Resources/Providers_) with these settings:
|
||||
|
||||
:::note
|
||||
Only settings that have been modified from default have been listed.
|
||||
:::
|
||||
|
||||
**Protocol Settings**
|
||||
- Name: LDAP
|
||||
- Certificate: authentik Self-signed certificate
|
||||
|
||||
### Step 3
|
||||
|
||||
In authentik, create an application (under _Resources/Applications_) which uses this provider. Optionally apply access restrictions to the application using policy bindings.
|
||||
|
||||
:::note
|
||||
Only settings that have been modified from default have been listed.
|
||||
:::
|
||||
|
||||
- Name: LDAP
|
||||
- Slug: ldap
|
||||
- Provider: LDAP
|
||||
|
||||
### Step 4
|
||||
|
||||
In authentik, create an outpost (under _Outposts/Outposts_) of type `LDAP` that uses the LDAP Application you created in _Step 2_.
|
||||
|
||||
:::note
|
||||
Only settings that have been modified from default have been listed.
|
||||
:::
|
||||
|
||||
- Name: LDAP
|
||||
- Type: LDAP
|
||||
### Step 5
|
||||
|
||||
Add your authentik LDAP server to OPNsense by going to your OPNsense Web UI and clicking the `+` under _System/Access/Servers_.
|
||||
|
||||
Change the following fields
|
||||
|
||||
- Descriptive name: authentik
|
||||
- Hostname or IP address: authentik.company
|
||||
- Transport: SSL - Encrypted
|
||||
- Bind credentials
|
||||
- User DN: CN=CN=opnsense-user,OU=users,DC=ldap,DC=goauthentik,DC=io
|
||||
- Password: whatever-you-set
|
||||
- Base DN: DC=ldap,DC=goauthentik,DC=io
|
||||
- Authentication containers: OU=users,DC=ldap,DC=goauthentik,DC=io;OU=groups,DC=ldap,DC=goauthentik,DC=io
|
||||
- Extended Query: &(objectClass=user)
|
||||
|
||||
![](./opnsense1.png)
|
||||
### Step 6
|
||||
|
||||
In OPNsense, go to _System/Settings/Administration_ and under _Authentication_ at the bottom of that page, add `authentik` to the Server list
|
||||
|
||||
![](./opnsense2.png)
|
||||
|
||||
## Notes
|
||||
|
||||
:::note
|
||||
Secure LDAP more by creating a group for your `DN Bind` users and restricting the `Search group` of the LDAP Provider to them.
|
||||
:::
|
Binary file not shown.
After Width: | Height: | Size: 62 KiB |
Binary file not shown.
After Width: | Height: | Size: 22 KiB |
|
@ -101,6 +101,7 @@ module.exports = {
|
|||
"integrations/services/matrix-synapse/index",
|
||||
"integrations/services/minio/index",
|
||||
"integrations/services/nextcloud/index",
|
||||
"integrations/services/opnsense/index",
|
||||
"integrations/services/portainer/index",
|
||||
"integrations/services/proxmox-ve/index",
|
||||
"integrations/services/rancher/index",
|
||||
|
|
Reference in New Issue