Recently someone pointed me to OpenVPN, with my thought in mind to find a vpn server solution that is on the one hand able to handle connection attempts from the built-in vpn client from w2k to w2k3 and xp, and on the other hand capable of authenticating via a user-changeable pam module.
My first goal is to give my user the possibility to connect into our lan via vpn without having to install an isa in our lan. Instead I'd like to install a vpn server on our linux firewall box.
That one is (thx samba 3.0 and winbind) a member of our domain, and services like login, xdm and su use pam_winbind.so for authentication against our ad on the dc's.
Now I need a VPN server that authenticates my vpn users via pam too, so that I don't need to administer users twice.
Our second goal is more tricky. We use E4NetKey smartcards for winlogon on our local machines. On the smartcards there are logon certificates installed, issued by our own issuing ca (m$ based). If a user wants to log on and inserts a sc, the logon dll is switched to gina.dll and that one authenticates him against the ad.
What I would like to have in a second step is that kind of smartcard authentication for the vpn users. That's the reason why I am looking for a VPN server out there that can communicate with the m$ built-in vpn clients.
Any suggestions, links, hints?
Thx in advance.
Jan Roesner email@example.com