
REPUBLIC OF CAMEROON
Peace-Work-Fatherland
MINISTRY OF HIGHER EDUCATION

INSTALLATION AND CONFIGURATION OF A VPN WITH OPENVPN AND AUTHENTICATION WITH LDAP

Internship carried out from July 01 to August 30 in order to obtain the certificate of advanced technicians.

Major: Computer Science.
Specialty: Information Systems Management.

Report written by Ms. NOUNDOU NDJOMO Oceanne Chelsea, 2nd year student at ISTAG University.

Under the supervision of:
Professional supervisor: Mrs. GUIFO Sidonie
Academic supervisor: Mr. DEMANOU Romeo

ACADEMIC YEAR 2024/2025



DEDICATION

TO
MY PARENTS

Written and presented by NOUNDOU NDJOMO Oceanne Chelsea

ACKNOWLEDGEMENT

I thank Mrs. JUDITH YAH SUNDAY for accepting me for an internship in her company.

I would like to thank Mrs. GUIFO Sidonie, who supervised me throughout my internship here at CAMTEL.

I thank my aunt NKWAYEP VANESSA because she was there for me at all times; she always checked in with me on how the internship was going.

I thank TATA UZEL because without her I wouldn't be here, so a big thank you to her.


ABSTRACT

The first part of this report describes how my internship went and the activities carried out during it.

The second part explains how to install and configure a VPN with OpenVPN and how to authenticate with LDAP. We first go through the theoretical foundations of VPNs and LDAP authentication, and then outline the configuration steps. This report demonstrates that installing and configuring a VPN with OpenVPN and authenticating with LDAP is a robust and secure solution for businesses looking to protect their data and communications.


RESUME

The first part of this report describes how my internship went and the activities carried out during it. The second part explains how to install and configure a VPN with OpenVPN and how to authenticate with LDAP. We first review the theoretical foundations of VPN and LDAP authentication, then describe the configuration steps. This report demonstrates that installing and configuring a VPN with OpenVPN together with LDAP authentication is a robust and secure solution for businesses seeking to protect their data and communications.


TABLE OF CONTENTS
DEDICATION ......................................................................................................................... 2

ACKNOWLEDGEMENT ...................................................................................................... 3

ABSTRACT ............................................................................................................................. 4

RESUME .................................................................................................................................. 5

TABLE OF CONTENTS ........................................................................................................ 6

LIST OF FIGURES................................................................................................................. 8

LIST OF TABLES................................................................................................................... 9

LIST OF ABBREVIATIONS ............................................................................................... 10

FIRST PART : ....................................................................................................................... 12

CAMTEL OVERVIEW ........................................................................................................ 12

ACTIVITY CARRIED OUT IN CAMTEL ........................................................................ 12

CHAPTER 1 : .................................................................................................................... 13

INTRODUCTION ............................................................................................................. 13

PRESENTATION OF CAMTEL .................................................................................... 14

1.0 HISTORY OF CAMTEL: .......................................................................................... 14

1.1 CAMTEL'S GEOGRAPHICAL LOCATION .............................................................................. 15

1.2 CAMTEL VISION ................................................................................................................. 16

1.3 CAMTEL PRODUCTS AND SERVICES................................................................................... 16

1.4 CAMTEL MISSION .............................................................................................................. 19

1.5 MISSION OF THE DSIR ........................................................................................................ 19

1.6 THE DSIR ORGANIGRAM .................................................................................................... 21

1.7 THE DATA CENTER ............................................................................................................. 21

2.0 ACTIVITIES CARRIED OUT DURING MY INTERNSHIP.......................................................... 24

PART TWO: .......................................................................................................................... 26

CHAPTER TWO: ................................................................................................................. 26

THEORETICAL PART OF THE THEME: ...................................................................... 26


2.0 GENERAL INTRODUCTION .................................................................................. 27

Problematic ........................................................................................................................ 27

Solution .............................................................................................................................. 28

The objective ...................................................................................................................... 28

THEORETICAL FRAMEWORK .................................................................................. 28

2.1.1 A VPN .............................................................................................................................. 28

2.1.2 OpenVPN ......................................................................................................................... 31

2.1.3 LDAP ................................................................................................................................ 32

2.1.4 A firewall......................................................................................................................... 33

2.1.5 Comparison Between VPN Protocols ............................................................................. 35

2.1.6 Comparing pfsense with Other Firewalls ....................................................................... 36

METHODOLOGICAL FRAMEWORK ........................................................................ 36

2.2.1 Steps to Configure a VPN ............................................................................................... 37

PART THREE : PRACTICAL PART ............................................................................ 38

3.0 INTRODUCTION ........................................................................................................... 38

3.1 CERTIFICATE MANAGEMENT ............................................................................ 38

3.1.1 Create the CA.................................................................................................................. 38

3.1.2 Create the server certificate ........................................................................................... 39

3.2 CREATE LOCAL USERS ......................................................................................... 40

3.3 CONFIGURE THE OPENVPN SERVER ................................................................ 40

3.4 EXPORT OPENVPN CONFIGURATION .............................................................. 42

3.5 CREATING FIREWALL RULES FOR OPENVPN ............................................... 43

3.5.1 Allow openvpn stream ................................................................................................... 43

REFERENCES .................................................................................................................. 45

PART TWO : ......................................................................................................................... 46

CHAPTER FOUR: ................................................................................................................ 46

RECOMMENDATION AND CONCLUSION ................................................................... 46

RECOMMENDATION .................................................................................................... 47

CONCLUSION .................................................................................................................. 48

LIST OF FIGURES

FIGURE 1: PHOTO BY CAMTEL............................................................... 15


FIGURE 2: GEOGRAPHICAL LOCATION OF CAMTEL ................................. 15
FIGURE 3: DSIR ORGANIZATIONAL CHART ............................................. 21
FIGURE 4: ARCHITECTURE OF A DATA CENTER .......................................... 23
FIGURE 5: ILLUSTRATION OF A VPN ........................................................ 29
FIGURE 6: ARCHITECTURE OF A VPN ...................................................... 38


LIST OF TABLES

TABLE 1: ACTIVITIES CARRIED OUT DURING MY INTERNSHIP .................... 24


LIST OF ABBREVIATIONS

CAMTEL: Cameroon Telecommunication
VPN: Virtual Private Network
UDP: User Datagram Protocol
OpenVPN: Open Virtual Private Network
LDAP: Lightweight Directory Access Protocol
PC: Personal Computer
IKEv2: Internet Key Exchange version 2
L2TP: Layer 2 Tunneling Protocol
PPTP: Point-to-Point Tunneling Protocol
SSTP: Secure Socket Tunneling Protocol
RAM: Random Access Memory
DNS: Domain Name System
RDP: Remote Desktop Protocol
CDMA: Code Division Multiple Access
PSTN: Public Switched Telephone Network
GSM: Global System for Mobile Communications
VSAT: Satellite Telecommunication System (Very Small Aperture Terminal)
FTTH: Fiber to the Home
ADSL: Broadband Access via Telephone Network (Asymmetric Digital Subscriber Line)
EVDO: Evolution-Data Optimized
LTE: Fourth Generation Mobile Communication Technology (Long Term Evolution)
WIFI: Wireless Fidelity


FIRST PART: INTRODUCTION

CAMTEL OVERVIEW

ACTIVITIES CARRIED OUT AT CAMTEL


CHAPTER 1:
INTRODUCTION

My internship was carried out at CAMTEL, where I spent two months, from the 1st of July to the 30th of August. During these two months I was supervised by Mrs. GUIFO SIDONIE, who welcomed me well. Firstly, she gave me a brief overview of CAMTEL and how it works. Then I was taught about the data center and its architecture, the CISO mind map, and a firewall called pfSense.


PRESENTATION OF CAMTEL

1.0 HISTORY OF CAMTEL

CAMTEL (acronym for Cameroon Telecommunication) is the public telephone operator of Cameroon. The company has been in the process of privatization since 1998, with the Cameroonian state wishing to sell 51% of its stake. CAMTEL was created in 1998 from the transformation of the Telecommunications Directorate (Ministry of Posts and Telecommunications) into a public limited company, to which was added the public company Intelcam, then responsible for international telephone communications.

The mobile phone subsidiary, CAMTEL-Mobil, was sold to the telecommunications operator MTN in February 2000. These changes occurred during the liberalization of the telecommunications sector in Cameroon. The next step should have been the privatization of CAMTEL, which could not be carried out due to a lack of investors. Indeed, the company did not hold a GSM license, the main attraction for investors in the telephony sector at that time.

In 2005, the company launched the CT-Phone mobile phone service, based on CDMA technology. The equipment needed to start the service was donated by the People's Republic of China.

CAMTEL has a monopoly on the national fibre optic network, which it leases to other operators.

In March 2018, the operator announced its ambition to launch into satellite internet distribution. A few months later, JUDITH YAH SUNDAY epse ACHIDI was appointed by the President of the Republic of Cameroon as the new general manager of the telecommunications firm following the presidential decree of December 14, 2018.

Figure 1: photo by CAMTEL

1.1 CAMTEL'S GEOGRAPHICAL LOCATION

Figure 2: geographical location of CAMTEL (source: Google Maps)


1.2 CAMTEL VISION

• « To be a corporate citizen, innovative and leader in digital transformation in sub-Saharan Africa by 2030 »

1.3 CAMTEL PRODUCTS AND SERVICES

CAMTEL's products and services are:

➢ Mobile offers

CAMTEL, the leading telecommunications provider in Cameroon, offers several mobile service offerings. Here is an overview of the offers generally available:

1. Prepaid plans: These plans often include credits for calls, texts and mobile data. They are designed to offer flexibility and can be recharged according to the user's needs.

2. Postpaid plans: These offers are based on a monthly subscription and include services such as unlimited calling or a certain number of hours of calling, SMS and mobile data. They are often accompanied by the possibility of paying at the end of the month depending on usage.

3. Data deals: For users primarily interested in internet access, CAMTEL offers various mobile data plans with different amounts of GB. These plans can be prepaid or postpaid.

4. Enterprise offerings: CAMTEL also offers solutions tailored to business needs, including mobile plans, unified communication services and connectivity solutions.

➢ Fixed offers

CAMTEL offers various fixed telephony services in Cameroon, tailored to both residential and business needs. Here is an overview of the offers generally available:

1. Residential subscriptions:

o Basic plans: Offer local and sometimes international calls at competitive rates. They often include a certain amount of talk time or a discounted rate per minute for calls.

o All-inclusive plans: Include unlimited local calls and sometimes international calls at discounted rates. Some plans may also include additional services such as calls to mobiles at a reduced rate.

2. Professional subscriptions:

o Business phone solutions: These offerings are designed to meet the needs of businesses, with options for unlimited calling, multi-line and advanced telephony services.

o Unified communications solutions: Integrate fixed telephony with services such as voicemail, call management and conferencing solutions.

➢ Transport offers

CAMTEL also offers data transport and connectivity services, especially for enterprises and large institutions. Here is an overview of the transport offers generally available:

1. Fiber optic links:

o Private fiber optic links: CAMTEL offers fiber optic connectivity solutions for enterprises, government institutions and other large organizations. These services offer high-speed connections and high reliability for large data transfer needs.

o Virtual Private Networks (VPNs): VPN solutions help secure communications between different sites of a company, using fiber optic infrastructure to ensure a fast and secure connection.

2. Enterprise connectivity services:

o Site interconnection: CAMTEL offers services to connect multiple sites of a company, whether in the same city or across different localities, using fiber optics or other transport technologies.

o Wide Area Network (WAN) solutions: For large organizations, CAMTEL offers WAN solutions that allow multiple geographically dispersed offices or locations to be connected.

3. High-speed Internet access:

o Fiber optic Internet: Broadband offerings for businesses and institutions, using fiber optics to ensure a fast and stable connection.

o Dedicated Internet access: Solutions for businesses that require a dedicated Internet connection with guaranteed bandwidth.


1.4 CAMTEL MISSION

CAMTEL's missions are quite revealing of its sector of activity; among them we can mention:

• carrying out commercial operations;
• exchange of accounts with other national and international telecommunications operators;
• study, installation, operation and maintenance of all the infrastructure necessary for the provision of telecommunications services throughout the national territory, as well as the connection of national networks to foreign networks.

1.5 MISSION OF THE DSIR

The mission of the DSIR is to design, develop and monitor the company's information systems and IP (Internet Protocol) operator networks. As such, it is responsible for:

• the Information System management policy;
• management of the urbanization process of the company's information systems;
• administration, maintenance and monitoring of the operation of applications and systems;
• listening to and translating the needs of business customers into technical and functional specifications relating to the development of application solutions;
• development of the company's Intranet/Extranet network, integrating all the company's organizational entities;
• development and monitoring of the operation and maintenance of IP/MPLS operator networks in accordance with the company's strategic infrastructure and service development plan;
• administration, maintenance, optimization and high-level monitoring of databases, applications and management systems;
• promotion of research and development activities for specific IT applications and value-added services;
• monitoring the state of the art in technology in the fields of Information Technology and Internet Protocol;
• the design and development of the integrated reporting database ("data warehouse") and the company's operational and decision-making reporting systems;
• the development of technical specifications for IT production infrastructure, in particular computers, printers and tablets;
• conduct of technical investigations relating to claims and embezzlement;
• centralization and preparation of orders for computer equipment.


1.6 THE DSIR ORGANIGRAM

Figure 3: DSIR Organizational Chart

1.7 THE DATA CENTER

A data center is an infrastructure made up of a network of computers and storage space. This highly secure infrastructure is used by companies to organize, process and store large amounts of data.


THE DIFFERENT TYPES OF DATA CENTERS

There are 3 types of data center:

• The on-premises enterprise data center: in this model, IT infrastructure and data are hosted on-premises. Many companies choose to have their own on-premises data centers because they feel they have more control over information security and can more easily comply with regulations such as the General Data Protection Regulation (GDPR).

• The data center in cloud mode: also known as cloud computing data centers, these data centers host IT infrastructure resources intended to be used by multiple customers (from a few dozen to several million customers).

• The managed data center: these are turnkey facilities for organizations that don't have the space, staff or expertise to deploy and manage some or all of their IT infrastructure on-premises, but prefer not to host that infrastructure using the shared resources of a public cloud data center.


Figure 4: architecture of a data center


2.0 ACTIVITIES CARRIED OUT DURING MY INTERNSHIP

Table 1: Activities carried out during my internship

WEEK         DIFFERENT ACTIVITIES

WEEK 1       It was my very first week of internship, but I couldn't meet my supervisor, so we were asked to go home. On the third day I came back and was assigned another supervisor, who gave me the task of giving a proper presentation on CAMTEL. The next two days of the week were reserved for the introduction and discussion of the assignment I had been given in the previous days.

WEEK 2       During this week, I got a general overview of the company.

WEEK 3       My supervisor asked me to do some research on data centers and the architecture of a data center.

WEEK 4       I was taught the CISO mind map and its features.

WEEK 5       I was asked to install pfSense on a virtual machine like VMware or VirtualBox.

WEEK 6       I was asked to set up the pfSense I had previously installed.

WEEKS 7 & 8  I worked on my report on what I did during my internship.


PART TWO:

CHAPTER TWO:

THEORETICAL PART OF THE THEME:


2.0 GENERAL INTRODUCTION

The COVID-19 outbreak has radically transformed the global business and technology landscape. With the spread of the virus, many companies were forced to adopt remote work as the norm, exposing new vulnerabilities in information security and network management. In this context, the installation and configuration of VPN (Virtual Private Network) solutions such as OpenVPN, combined with robust authentication systems such as LDAP (Lightweight Directory Access Protocol), have become essential priorities to guarantee the security of information exchanges and the protection of sensitive data. OpenVPN's integration with LDAP enables efficient user management and secure access to network resources, while addressing the challenges posed by widespread remote work. This combined approach ensures not only the protection of communications over the Internet but also strong authentication, which is essential to maintain the security and integrity of information systems in a remote work environment.

Businesses have sensitive data to protect and secure connectivity needs for their employees working remotely. Public networks are not secure, and data sent over them can be intercepted. A secure VPN is necessary to protect data and ensure privacy.

Problematic
• How do you set up a secure VPN and centralized authentication to manage access and ensure data security remotely?


Solution
• Install OpenVPN on a server, configure the security and connection settings, and then integrate LDAP for user authentication.

The objective
The overall goal here is to install and configure a VPN with OpenVPN and LDAP in order to have a secure remote connection.

The specific objectives are to:

• configure a VPN with the appropriate protocols and using a firewall;
• develop skills;
• gain hands-on experience and deal with real-world practice.

THEORETICAL FRAMEWORK

Definition of key points, advantages and disadvantages

2.1.1 A VPN

A VPN describes the ability to establish a protected network connection when using public networks. VPNs encrypt your internet traffic and disguise your online identity. A VPN works like a filter that transforms all your data: even if someone were to get their hands on your data, it would be unusable.


2.1.1.0 How does a VPN work

A VPN hides your IP address by letting the network redirect it through a specially configured remote server run by a VPN host. This means that if you surf online with a VPN, the VPN server becomes the source of your data, so your Internet Service Provider (ISP) cannot see which websites you visit or what data you send and receive online. A VPN works like a filter that turns all your data into nonsense: even if someone were to get their hands on your data, it would be useless.

2.1.1.1 Illustration of a VPN

Figure 5: illustration of a VPN

2.1.1.2 Types of VPNs

There are two main types of VPNs that people can use to securely connect to corporate networks.

1. Remote Access VPN:

A remote access VPN allows the user to connect their device to a network from outside their organization's office. This device-to-network approach typically involves a user connecting their laptop, smartphone or tablet to a network through their VPN. Increasingly, advancements in VPN technology make it possible to perform security checks to ensure that the device is secure before it is given permission to connect. Remote access VPNs include cloud VPNs, which allow users to securely access apps and data through their web browser.

2. Site-to-Site VPN:

A site-to-site VPN allows connections between multiple networks. This network-to-network approach is typically used to connect multiple offices or branch offices to a central office. Site-to-site VPN encryption is useful for organizations with multiple offices based in various geographic locations. It allows them to share resources from a backbone network, such as email servers or data storage facilities, across multiple locations. It also gives all users access as if the servers were located in their physical office.

2.1.1.3 The Benefits of a VPN

The advantages of a VPN:

• Secure encryption: with the help of a VPN, your online activities are camouflaged even on public networks.
• Secure data transfer: to access the network, a VPN connection is often required. VPN services connect to private servers and use encryption methods to reduce the risk of data leakage.


• Access to regional content: you can't access content that you view at home while you're on the go, and you can't access international content from home. Thanks to the VPN's location change, you can switch to a server in another country and change your apparent location.

2.1.1.4 The disadvantages of a VPN

• Slow connection: the VPN routes the user's connection through a remote server, which adds an intermediate step. This explains why the throughput is slower and less stable.
• Legality: VPNs have the disadvantage of not being legal in some countries. Even though the majority of countries in the world allow the use of a VPN, some countries prohibit it. This is the case in China and Russia.
• The price: the other disadvantage of VPNs is that the service is paid. If you want a quality VPN, you'll need to sign up for a subscription. Of course, there are free VPNs, but it would be a mistake to opt for this solution because the security is not there.

2.1.2 OpenVPN

OpenVPN is open-source software for setting up virtual private networks with secure connections, both for routed site-to-site configurations and for remote access. The main goal of OpenVPN is to establish a VPN connection, i.e., to create a tunnel between networks for secure data transmission.

2.1.2.0 The Benefits of OpenVPN

• More robust security than most alternatives.
• The source code is open.
• Compatible with different devices.

2.1.2.1 OpenVPN's disadvantages

• OpenVPN requires manual configuration.
• OpenVPN is resource-intensive, especially on older hardware.
• Slower speed compared to WireGuard.

2.1.3 LDAP

LDAP (Lightweight Directory Access Protocol) is an access protocol
that defines how clients talk to directory services. A directory
service is a store that centralises identity data such as user
accounts, groups and credentials, so that every system on the network
can authenticate users and look them up against the same source. With
LDAP a client can search, read and modify directory entries and can be
referred to other directory servers, which makes it possible to send
queries to other entities on the network. The goal is to make it easier
to find, modify, or authenticate data about users and addresses. LDAP
is widely used by organisations that manage large numbers of
identities, for example in the air transport and mobile telephony
sectors.
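The "specific communication language" mentioned above is ASN.1 BER framing over TCP port 389 (or 636 for LDAPS). The example below, added here and not part of the report or of any CAMTEL system, builds the exact bytes of an LDAPv3 simple-bind request (the operation a VPN gateway performs to check a user's password) and decodes the server's BindResponse. The DN suffix dc=camtel,dc=cm, the user uid=jdoe and the password are constructed assumptions.

```python
"""LDAPv3 simple bind on the wire: BER encoding of BindRequest/BindResponse.

Added example (not from the report). Pure standard library; the DN suffix
dc=camtel,dc=cm and the sample credentials are assumptions, not values
taken from CAMTEL's directory.
"""

# LDAP result codes relevant to authentication (RFC 4511, Appendix A).
RESULT_CODES = {0: "success", 7: "authMethodNotSupported",
                32: "noSuchObject", 49: "invalidCredentials",
                50: "insufficientAccessRights", 53: "unwillingToPerform"}


def _ber_len(n):
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, payload):
    """One BER tag-length-value element."""
    return bytes([tag]) + _ber_len(len(payload)) + payload


def _int_bytes(n):
    """Minimal two's-complement encoding used by INTEGER and ENUMERATED."""
    return n.to_bytes(max(1, (n.bit_length() + 8) // 8), "big", signed=True)


def bind_request(message_id, dn, password):
    """LDAPMessage{messageID, BindRequest{version 3, name, simple [0] password}}.

    BindRequest is [APPLICATION 0] (tag 0x60); the simple credential is the
    context-specific [0] primitive (tag 0x80) carrying the raw password.
    """
    body = (_tlv(0x02, _int_bytes(3))            # version 3
            + _tlv(0x04, dn.encode())             # name: LDAPDN as OCTET STRING
            + _tlv(0x80, password.encode()))      # simple authentication
    return _tlv(0x30, _tlv(0x02, _int_bytes(message_id)) + _tlv(0x60, body))


def bind_response(message_id, result_code, matched_dn="", diagnostic=""):
    """LDAPMessage{messageID, BindResponse [APPLICATION 1] = LDAPResult}."""
    result = (_tlv(0x0A, _int_bytes(result_code))  # resultCode ENUMERATED
              + _tlv(0x04, matched_dn.encode())
              + _tlv(0x04, diagnostic.encode()))
    return _tlv(0x30, _tlv(0x02, _int_bytes(message_id)) + _tlv(0x61, result))


def _read_tlv(buf, pos):
    """Decode one element at pos; return (tag, value, position after it)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                               # long-form length
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length


def parse_bind_response(frame):
    """Return (message_id, result_code, matched_dn, diagnostic) from a frame."""
    tag, msg, end = _read_tlv(frame, 0)
    if tag != 0x30 or end != len(frame):
        raise ValueError("not a single LDAPMessage")
    tag, mid, pos = _read_tlv(msg, 0)
    if tag != 0x02:
        raise ValueError("missing messageID")
    tag, op, _ = _read_tlv(msg, pos)
    if tag != 0x61:
        raise ValueError("not a BindResponse")
    tag, code, pos = _read_tlv(op, 0)
    if tag != 0x0A:
        raise ValueError("missing resultCode")
    _, matched, pos = _read_tlv(op, pos)
    _, diag, _ = _read_tlv(op, pos)
    return (int.from_bytes(mid, "big", signed=True),
            int.from_bytes(code, "big", signed=True),
            matched.decode(), diag.decode())


def password_exposed(frame, password):
    """True when the bind frame carries the password verbatim: a simple bind
    always does, so anyone who can see the packets sees the credential unless
    the session runs over LDAPS (port 636) or StartTLS."""
    return password.encode() in frame


if __name__ == "__main__":
    req = bind_request(1, "uid=jdoe,ou=people,dc=camtel,dc=cm", "s3cret")
    print(req.hex())
    msg_id, code, _, diag = parse_bind_response(bind_response(1, 49, "", "invalid credentials"))
    print(msg_id, RESULT_CODES[code], diag)
```

The practical consequence for the VPN: the firewall that binds to the directory on behalf of each user must be configured to use LDAPS or StartTLS, and to validate the directory server's certificate, otherwise every VPN login leaks the user's directory password to anyone on the path between the firewall and the LDAP server. Result code 49 (invalidCredentials) is what the gateway receives for a wrong password; the diagnostic message should not be forwarded to the user, since directories often distinguish "no such user" from "wrong password" in it.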


2.1.3.0 The Benefits of LDAP

• Scalability:
With LDAP, directory data can be distributed and replicated across
several servers.
• Powerful data structures:
LDAP is optimised for the read-heavy lookups that authentication and
address-book queries perform.
• Flexibility:
LDAP works with centralised or decentralised directory systems, and
it is supported by open-source software (OpenLDAP, for example) as well
as by commercial directories.

2.1.4 A firewall

A firewall is a network security system that restricts traffic
entering, leaving, or moving inside a private network. It works by
selectively blocking or allowing packets according to a set of rules.
It is typically intended to prevent malicious activity and to stop
anyone, inside or outside the private network, from engaging in
unauthorised network activity.

2.1.4.0 Benefits of a Firewall

• Stops virus attacks:
Malware can cripple an organisation's digital operations much faster
than expected. A firewall controls the entry points into users'
systems and blocks the unsolicited inbound connections that much
malware relies on to spread.
• Prevents hacking:
As businesses move their operations online, the opportunities for
attackers grow with them, and data theft increases. Firewalls prevent
attackers from gaining unauthorised access to systems and data by
dropping every connection that no rule explicitly permits.
• Promotes privacy:
By keeping user data behind controlled access points, the firewall
helps protect privacy and creates an environment that customers can
trust.

2.1.4.1 The disadvantages of a firewall

• The price:
The cost of deploying a firewall depends on its type. Hardware
firewalls are generally more expensive than software firewalls, and
they usually require experienced IT professionals to install and
configure them.
• Performance:
A software firewall running on a host consumes CPU and RAM, which can
reduce the overall performance of that system, especially under heavy
traffic.
• Complex operations:
Operating a firewall properly requires dedicated staff to manage the
rules, apply updates and watch the logs so that it keeps protecting the
network from intruders. This is a modest cost for a small organisation
but an ongoing financial burden for a large one.

2.1.5 Comparison Between VPN Protocols

Here is how the common VPN protocols compare:

Protocol      Popularity   Security    Speed
OpenVPN       Very high    Very high   Fast
IKEv2/IPsec   High         High        Fast
L2TP/IPsec    Weak         High        Slow
PPTP          Weak         Weak        Fast
WireGuard     Growing      Very high   Fast
SSTP          Weak         High        Fast

PPTP's "weak" rating is not a matter of taste: its MS-CHAPv2
authentication is broken, and it should not be deployed at all.


I chose OpenVPN because it is fast and widely used, and because it is
secure compared to other VPN protocols.

2.1.6 Comparing pfSense with Other Firewalls

Functionality   pfSense       Cisco         Stormshield
License         Open source   Proprietary   Proprietary
Ease of use     Average       High          Average
Adaptability    High          High          High
Security        Excellent     Excellent     Excellent
Price           Low           High          High
Community       Active        N/A           Active

I chose pfSense because it is secure, easy to use and open source, and
because it costs nothing compared to the other firewalls.

METHODOLOGICAL FRAMEWORK

A methodological framework for a report describes the methods and
procedures used to conduct a study or research. It is essential to
structure the way in which the research is conducted, detailing the
approaches used to collect and analyse the data.

2.2.1 Steps to Configure a VPN

• Create the CA. It signs the server and user certificates that secure
the VPN tunnel.
• Create a server certificate. This certificate authenticates the
server to the clients and protects the VPN traffic.
• Create a local user and their certificate, so that they can connect
to the VPN and be authenticated by their own certificate.
• Create the OpenVPN server configuration. Here we configure the
client-to-site VPN via OpenVPN.
• Export the OpenVPN configuration to install it on a client
workstation.
• Create OpenVPN firewall rules. One or more rules are needed to allow
the flows to enter, and they are created on the pfSense firewall.
• Authenticate with LDAP.
• Test remote access from a PC.

By following these steps, you will successfully configure your tunnel.


PART THREE : PRACTICAL PART

3.0 INTRODUCTION
As teleworking has intensified in recent months, the demand for
nomadic and remote access keeps growing. This type of access is
usually implemented on the firewall: a remote-access (client-to-site)
VPN establishes a direct link between the user's PC and the company
network through an encrypted and authenticated tunnel.

Figure 6: Architecture of a VPN

3.1 CERTIFICATE MANAGEMENT

3.1.1 Create the CA

To create the CA on pfSense, go to the menu System > Cert. Manager.
In the "CAs" (authorities) tab, click on the "Add" button. Give the CA
a descriptive name, such as "CA-CAMTEL", and choose the method "Create
an internal Certificate Authority". The name shown inside the
certificates is the "Common Name" field; here it is "CAMTEL". Fill in
the other values (country code, state, city, organisation) and click on
"Save" to create the authority. The CA then appears in the list of
authorities.

This CA will sign every server and user certificate of the VPN, and
its private key is stored on the firewall. Choose a key of at least
2048 bits (RSA) or an ECDSA key, and restrict administrative access to
the firewall accordingly, since whoever controls the CA key can issue a
certificate for any user.

3.1.2 Create the server certificate

Next, a "server" certificate is needed. Still in "Cert. Manager", go
to the "Certificates" tab and click on the "Add/Sign" button. Choose
the method "Create an internal Certificate", give it a name, and
select our CA in the "Certificate authority" setting. Choose the
certificate type "Server Certificate": this marks the certificate for
server authentication (the TLS Web Server extended key usage), which
is what distinguishes it from a user certificate and what clients
check when "remote-cert-tls server" is set in their profile. Click on
"Save" to validate the creation; the certificate appears in the
firewall's list of certificates.


3.2 CREATE LOCAL USERS

Users are created under System > User Manager. To create a user, enter
a username, a password and the other details, and tick the option
"Click to create a user certificate": this adds the certificate
creation form just below, where the CA created earlier is selected so
that the user receives a certificate signed by it. When the user is
saved, it appears in the local database with its certificate. Each
user must have their own certificate: sharing one certificate between
several people makes it impossible to revoke a single user's access.

3.3 CONFIGURE THE OPENVPN SERVER

Click on the "VPN" menu and then on "OpenVPN". In the "Servers" tab,
click on "Add" to create a new configuration.

The first thing to do is to choose the "Server mode": "Remote Access
(SSL/TLS + User Auth)". In this mode the client must present a
certificate signed by our CA, and the user must also supply a username
and password, which pfSense checks against the backend selected under
"Backend for authentication" (the local user database, or an LDAP
server defined in System > User Manager > Authentication Servers). For
the interface, keep "WAN", since it is through this interface that
remote users will connect.

In the cryptographic settings, select the certificate authority in the
"Peer Certificate Authority" field and the server certificate in
"Server certificate". For the data channel this deployment uses
AES-256-CBC; an AEAD cipher such as AES-256-GCM is preferable because
it authenticates each packet itself and is faster on modern CPUs, and
CBC should only be kept for old clients that cannot negotiate GCM.
Keep "Use a TLS Key" enabled (tls-crypt mode) so that packets without
the shared key are dropped before the TLS handshake even starts.

Now we set up the tunnel. Enter an IPv4 tunnel network of
10.10.10.0/24 and tick "Redirect IPv4 Gateway" so that all client
traffic is sent through the tunnel. Enter an IPv4 local network of
192.168.1.0/24 (the company network the clients must reach) and set
the number of concurrent VPN connections to allow.

For the client settings, tick "Dynamic IP" so that a client keeps its
session when its public address changes. For the topology, "subnet"
(one address per client in the tunnel network) is the modern choice;
"net30" (an isolated /30 per client) is only needed for very old
clients. If the company's internal DNS resolution is needed, tick
"Provide a DNS server list to clients" and enter the IP address of the
DNS server. In the "Custom options" box, add: auth-nocache, so that
the client does not keep the username and password cached in memory
between reconnects. Save the configuration; the VPN server is ready.

3.4 EXPORT OPENVPN CONFIGURATION

To download the configuration as an ".ovpn" file, an additional
package must be installed on the firewall. Go to System > Package
Manager > Available Packages, search for "openvpn" and install the
package openvpn-client-export.

When this is done, go back to the "OpenVPN" menu and then to the
"Client Export" tab. To have clients connect to the public IP address,
choose "Interface IP Address" for the "Host Name Resolution" option,
then click on "Save as default". For the OpenVPN Community client,
take the "Bundled Configurations" export in archive format, which
contains the configuration file together with the CA certificate, the
user's certificate and private key, and the TLS key. The contents of
the ZIP archive are then displayed. Because this archive contains the
user's private key, it must be delivered to the user over a secure
channel and deleted from any shared location afterwards.
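Before handing an exported profile to a user it is worth checking what it actually tells the client to do. The script below is an added example, not code from the report or from the openvpn-client-export package: it parses a .ovpn file (directives plus the inline <ca>/<cert>/<key> blocks) and flags the settings that matter for this deployment. The sample profile is constructed to mirror the choices above (SSL/TLS + User Auth, AES-256-CBC, auth-nocache); the server address 203.0.113.10 and the PEM placeholders are assumptions.

```python
"""Static hardening check of an exported OpenVPN client profile (.ovpn).

Added example, not part of the report or of pfSense. The profile below is
constructed to mirror the settings chosen above (SSL/TLS + User Auth,
AES-256-CBC, auth-nocache, inline CA/certificate/key); the server address
203.0.113.10 and the placeholder PEM bodies are assumptions.
"""
import re

SAMPLE_PROFILE = """\
client
dev tun
proto udp
remote 203.0.113.10 1194
auth-user-pass
remote-cert-tls server
auth-nocache
cipher AES-256-CBC
auth SHA256
<ca>
-----BEGIN CERTIFICATE-----
(constructed placeholder)
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
(constructed placeholder)
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
(constructed placeholder)
-----END PRIVATE KEY-----
</key>
"""

# Same profile with an AEAD cipher and a tls-crypt key added.
HARDENED_PROFILE = SAMPLE_PROFILE.replace(
    "cipher AES-256-CBC", "data-ciphers AES-256-GCM:AES-128-GCM") + """\
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
(constructed placeholder)
-----END OpenVPN Static key V1-----
</tls-crypt>
"""


def parse_profile(text):
    """Return (directives, inline_blocks).

    directives maps a directive name to the list of argument lists it was
    given (a profile may repeat 'remote'); inline_blocks maps a <tag> block
    name to its body. Lines starting with '#' or ';' are comments.
    """
    directives, blocks = {}, {}
    current, body = None, []
    for raw in text.splitlines():
        if current is not None:                      # inside <tag> ... </tag>
            if raw.strip() == f"</{current}>":
                blocks[current] = "\n".join(body)
                current, body = None, []
            else:
                body.append(raw)
            continue
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        opening = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if opening:
            current, body = opening.group(1), []
            continue
        name, *args = line.split()
        directives.setdefault(name, []).append(args)
    if current is not None:
        raise ValueError(f"unterminated <{current}> block")
    return directives, blocks


def check_profile(text):
    """Return (severity, message) findings; an empty list means no concern."""
    d, blocks = parse_profile(text)
    findings = []
    # Without this, any certificate signed by the CA (another user's client
    # certificate, say) is accepted as the server: a client-side MITM.
    if ["server"] not in d.get("remote-cert-tls", []):
        findings.append(("high", "missing 'remote-cert-tls server'"))
    # tls-crypt/tls-auth rejects packets that lack the shared key before the
    # TLS handshake, hiding the server from scanners and DoS attempts.
    if not any(k in d or k in blocks for k in ("tls-crypt", "tls-crypt-v2", "tls-auth")):
        findings.append(("medium", "no tls-crypt/tls-auth control-channel key"))
    # CBC needs a separate HMAC ('auth'); AEAD ciphers authenticate themselves.
    ciphers = [c for args in d.get("cipher", []) + d.get("data-ciphers", [])
               for c in ":".join(args).split(":")]
    if any(c.upper().endswith("-CBC") for c in ciphers):
        findings.append(("medium", "CBC data cipher configured; prefer AES-256-GCM"))
    # auth-nocache keeps the directory password out of process memory
    # between reconnects, which is why it is added as a custom option above.
    if "auth-nocache" not in d:
        findings.append(("low", "auth-nocache not set; credentials stay cached in memory"))
    # 'auth-user-pass <file>' stores the LDAP password on disk in clear text.
    if any(args for args in d.get("auth-user-pass", [])):
        findings.append(("high", "auth-user-pass reads the password from a file on disk"))
    # An inline <key> makes the .ovpn file itself a credential.
    if "key" in blocks:
        findings.append(("info", "private key embedded in profile; restrict access to the file"))
    return findings


if __name__ == "__main__":
    for sev, msg in check_profile(SAMPLE_PROFILE):
        print(f"[{sev}] {msg}")
```

Run against the constructed profile it reports the missing tls-crypt key, the CBC cipher and the embedded private key; the hardened variant only keeps the informational note about the key. The "remote-cert-tls server" check is the one not to skip: it is what ties the "Server Certificate" type chosen in 3.1.2 to the client's verification.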

3.5 CREATING FIREWALL RULES FOR OPENVPN

3.5.1 Allow the OpenVPN flow

Click on the "Firewall" menu, then "Rules" and the "WAN" tab. A new
rule is needed on the WAN interface: protocol "UDP", source "any",
destination "WAN address" (our public IP address) and, as destination
port, the port the OpenVPN server listens on (1194 by default). Without
this rule the firewall's default deny silently drops the clients'
connection attempts. Validate the creation of the rule and apply the
changes.

3.5.2 Allow flows to resources

Add a new rule, this time on the "OpenVPN" tab, which applies to
traffic arriving through the tunnel. The following rule allows RDP
(TCP port 3389) from the tunnel network 10.10.10.0/24 to the target
host through the VPN. Create one rule per resource the users actually
need, with the source restricted to the tunnel network and the
destination to the specific host and port, rather than a single "any
to any" rule: anything not explicitly allowed stays blocked. If the
company DNS is used through the VPN, also allow DNS (UDP and TCP port
53) to the DNS server.
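To see what "limiting streams as much as possible" buys, the following added example (not the report's configuration and not pfSense code) models the two rule groups above as a first-match rule set, the way pfSense evaluates them, and compares it with the all-too-common single "any to any" rule on the OpenVPN interface. The tunnel 10.10.10.0/24 and LAN 192.168.1.0/24 are the networks used above; the WAN address 203.0.113.10, the RDP host 192.168.1.20, the DNS server 192.168.1.10 and port 1194 are assumptions.

```python
"""First-match evaluation of pfSense-style rules for the OpenVPN deployment.

Added example, not the report's own configuration. The rule set reproduces
the two rule groups above (OpenVPN on WAN, then RDP and DNS from the tunnel
to the LAN). The WAN address 203.0.113.10, the RDP host 192.168.1.20, the
DNS server 192.168.1.10 and UDP port 1194 are assumptions; the tunnel
10.10.10.0/24 and LAN 192.168.1.0/24 are the networks used above.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "pass" or "block"
    iface: str             # interface the rule is attached to
    proto: str             # "tcp", "udp" or "any"
    src: str               # CIDR or "any"
    dst: str               # CIDR or "any"
    dport: Optional[int]   # None means any port
    note: str = ""


def _in_net(cidr, ip):
    return cidr == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)


def evaluate(rules, iface, proto, src, dst, dport):
    """Return (action, note) for a packet arriving on iface.

    pfSense evaluates rules per interface from top to bottom and the first
    matching rule wins; a packet that matches no rule is dropped by the
    implicit default deny, so every allowed flow needs an explicit pass.
    """
    for r in rules:
        if r.iface != iface or r.proto not in ("any", proto):
            continue
        if r.dport is not None and r.dport != dport:
            continue
        if _in_net(r.src, src) and _in_net(r.dst, dst):
            return r.action, r.note
    return "block", "default deny"


# Least-privilege rule set: only what the remote users need.
RULES = [
    Rule("pass", "WAN", "udp", "any", "203.0.113.10/32", 1194, "OpenVPN to WAN address"),
    Rule("pass", "OpenVPN", "tcp", "10.10.10.0/24", "192.168.1.20/32", 3389, "RDP to one host"),
    Rule("pass", "OpenVPN", "udp", "10.10.10.0/24", "192.168.1.10/32", 53, "DNS to company resolver"),
    Rule("pass", "OpenVPN", "tcp", "10.10.10.0/24", "192.168.1.10/32", 53, "DNS over TCP"),
]

# The shortcut to avoid: one 'any/any' rule on the OpenVPN interface.
BROAD_RULES = [Rule("pass", "OpenVPN", "any", "any", "any", None, "everything from the tunnel")]


if __name__ == "__main__":
    for pkt in [("WAN", "udp", "198.51.100.7", "203.0.113.10", 1194),
                ("OpenVPN", "tcp", "10.10.10.6", "192.168.1.20", 3389),
                ("OpenVPN", "tcp", "10.10.10.6", "192.168.1.20", 445)]:
        print(pkt, "->", evaluate(RULES, *pkt), "| broad:", evaluate(BROAD_RULES, *pkt))
```

With the least-privilege set, a VPN client reaching the RDP host on port 445 (SMB) or any other LAN host is dropped by the default deny; with the broad rule the same client can reach every port on every machine behind the firewall, which turns one stolen profile plus one phished LDAP password into full network access.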




PART TWO : CHAPTER FOUR : RECOMMENDATION AND CONCLUSION


RECOMMENDATION

• Implement regular monitoring of VPN connections for security issues
and performance (the OpenVPN and authentication logs show failed
logins and unexpected source addresses).
• Back up your data and configurations to prevent loss in the event of
problems.
• Test VPN connections to make sure they are secure and stable.
• Update your software regularly and enforce security policies to avoid
vulnerabilities.
• Revoke the certificate of any user who leaves or loses their
workstation, so that the exported profile can no longer be used.


CONCLUSION

This internship at CAMTEL helped me to know more about CAMTEL, what
CAMTEL offers and produces, the structure of CAMTEL, and to know more
about VPNs: how to centralise access, and how to have a secure
connection and secure communication between two people far away from
each other. A VPN helps to create a secure and reliable private
network. This theme is a robust and secure solution for businesses
looking to protect their data and communications.
