LUG Intranet VPN

The server intranet is a closed network that cannot be reached from the Internet. LUGI VPN gives maintainers temporary access to it.

LUGI VPN runs on a Banana Pi, the only ARM-architecture device we own. It uses the OpenVPN protocol and authenticates users against LDAP.


OpenVPN LDAP auth plugin configuration, /etc/openvpn/auth-ldap.conf (the plugin expects the LDAP connection settings and the authorization settings in separate sections):

    <LDAP>
        # LDAP server URL; ldaps:// gives TLS from the first byte
        URL             ldaps://
        # Network timeout in seconds
        Timeout         15
        FollowReferrals yes
        # CA certificate used to verify the LDAP server's TLS certificate
        TLSCACertFile   /etc/ldap/ssl/slapd-ca-cert.pem
    </LDAP>

    <Authorization>
        # Subtree searched for the user; %u in the filter is the OpenVPN username
        BaseDN          "ou=people,dc=lug,dc=ustc,dc=edu,dc=cn"
        SearchFilter    "(uid=%u)"
        # Any account found under BaseDN may connect; no group membership is required
        RequireGroup    false
    </Authorization>

In the OpenVPN server configuration, load the plugin and point it at that file:

    plugin /usr/lib/openvpn/ /etc/openvpn/auth-ldap.conf
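As an added example (not code from this wiki page or from the auth-ldap plugin), a stand-alone OpenVPN auth-user-pass-verify script that performs the same flow the configuration above describes: search BaseDN with the uid filter, then bind as the entry found using the supplied password. The username is RFC 4515-escaped before it is substituted for %u, so filter metacharacters in it cannot change the query; the LDAP host name is a placeholder because the page omits it, and the script needs the ldap3 package.

```python
#!/usr/bin/env python3
"""Hypothetical OpenVPN auth-user-pass-verify script (via-file mode).
Mirrors the auth-ldap plugin's flow: search BaseDN for the user with the
SearchFilter, then bind as the found DN with the supplied password.
Example code, not the wiki's own; the LDAP_URL host is a placeholder."""
import ssl
import sys

LDAP_URL = "ldaps://ldap.example.invalid"          # placeholder: page omits the host
CA_FILE = "/etc/ldap/ssl/slapd-ca-cert.pem"        # as on the page
BASE_DN = "ou=people,dc=lug,dc=ustc,dc=edu,dc=cn"  # as on the page
FILTER_TEMPLATE = "(uid=%u)"                       # as on the page


def escape_filter_value(value):
    """RFC 4515 escaping, so a username cannot change the filter's structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def build_filter(template, username):
    """Substitute %u as the plugin does, with the value escaped first."""
    return template.replace("%u", escape_filter_value(username))


def read_credentials(path):
    """OpenVPN writes the username on line 1 and the password on line 2."""
    with open(path, encoding="utf-8") as fh:
        lines = fh.read().split("\n")
    if len(lines) < 2 or not lines[0] or not lines[1]:
        raise ValueError("credentials file must contain username and password")
    return lines[0], lines[1]


def ldap_authenticate(username, password):
    """Return True only if exactly one entry matches and binding as it succeeds."""
    from ldap3 import Connection, Server, Tls  # pip install ldap3
    tls = Tls(ca_certs_file=CA_FILE, validate=ssl.CERT_REQUIRED)
    server = Server(LDAP_URL, use_ssl=True, tls=tls)
    with Connection(server, auto_bind=True) as conn:  # anonymous search bind
        conn.search(BASE_DN, build_filter(FILTER_TEMPLATE, username), attributes=["uid"])
        if len(conn.entries) != 1:
            return False
        user_dn = conn.entries[0].entry_dn
    try:
        with Connection(server, user=user_dn, password=password, auto_bind=True):
            return True
    except Exception:  # bind failure or transport error: deny
        return False


if __name__ == "__main__":
    user, pw = read_credentials(sys.argv[1])
    sys.exit(0 if ldap_authenticate(user, pw) else 1)
```

OpenVPN runs it with `auth-user-pass-verify /path/to/script via-file` plus `script-security 2`, and a non-zero exit status rejects the client.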

The server intranet is a layer 2 network with no default gateway, so the intranet hosts cannot route replies back to VPN clients. NAT on the VPN server is therefore needed:

    iptables -t nat -A POSTROUTING -s -d -j MASQUERADE