OpenVPN DC

Introduction
OpenVPN is a secure VPN technology with clients available for Windows, macOS (OS X), Linux, iOS and Android.

A large proportion of office setups use a Windows domain for authentication and management, with either a Windows or Samba4 domain controller. To keep things simple for users, it is often a requirement that the same credentials are used to log in to the domain and to the VPN.

There are a few design decisions to be discussed first...

1/ Routed or Bridged
If you're dealing with purely IP-based protocols then the preference is going to be for routed. If you bridge your connection then you're going to get extra traffic such as ARP, Bonjour etc. potentially travelling over your VPN link. Given that VPNs are generally lower-bandwidth connections, this is undesirable. Routed introduces its own issues, but these are easy to deal with.

2/ Where to install the OpenVPN server
Generally, in these days of virtualisation, the preference is overwhelmingly for a separate, dedicated VM instance. If your firewall can host an OpenVPN server it's worth considering running it there, mainly because it reduces routing problems (the firewall is usually the default gateway for most networks).

3/ Authentication
There are a number of ways to auth