Skip to main content

OpenVPN

Introduction#

Multi-Factor Authentication (MFA) is an extra layer of security used when logging into websites or apps. Individuals are authenticated through more than one required security and validation procedure that only they know or have access to.

RADIUS is a protocol commonly used to authenticate, authorize, and account for user access and actions. Acceptto offers a simple Radius solution for adding multi-factor authentication (MFA) to OpenVPN. This step- by-step integration guide illustrates how to configure both the OpenVPN Access Server and Acceptto RADIUS MFA authentication solution.

Pre-Requisites#

  1. An Acceptto RADIUS Agent that is configured and connected to your user directory (for example Microsoft™ ‘Active Directory™’) (See this page for the instructions).
  2. A user with administrative privileges for the OpenVPN panel.

Configure the Acceptto RADIUS Agent#

To integrate Acceptto with your OpenVPN Access server, you will need to install an Acceptto RADIUS Agent on a machine within your network. This server will receive RADIUS requests from your OpenVPN Access server, check with LDAP server to perform primary authentication, and then contact Acceptto cloud service for secondary authentication.

  1. Log into the Acceptto RADIUS Agent with an administrative user and open the radius-agent-config.env file with an editor. It is located in the installed directory of RADIUS Agent. RADIUS clients are configured in this setting.

    Acceptto radius configuration

  2. Go to the bottom of radius-agent-config.env file and change the ARA_CLIENTS attribute as follows. The values should be separated by semicolons (;).

    ARA_CLIENTS = An optional name for your OpenVPN Server; IP address of your OpenVPN Server; a shared secret

    An example configuration might look like this:

    ARA_CLIENTS = OpenVPN;192.168.1.40/32;testing12345

    Acceptto radius configuration

  3. Save the file and run the following command to set changes:

    docker-compose down && docker-compose up -d

OpenVPN™ Access Server Radius Configuration#

  1. Log into the OpenVPN Access Server web-based admin portal with an administrative user.

  2. Navigate to Authentication (under User Management).

  3. Click Radius and enter the IP address or hostname of Acceptto Radius Agent.

    OpenVPN Radius config

  4. Click on Save Settings.

Test your setup#

  1. Enter your credentials on OpenVPN client connect. You will receive a push notification on your It’sMe mobile application to authorize access to your OpenVPN server.

    OpenVPN login form

  2. Approve the authentication request to be logged in.

    It'sMe transaction

Support#

If you require assistance, please email us at support@acceptto.com

Sales#

Want to learn more about our MFA solutions? Contact our Professional Services for a Demo today.

Disclaimer#

All product names, trademarks, and registered trademarks are the property of their respective owners.

All company, product, and service names used in this document are for identification purposes only. The use of these names, trademarks, and brands do not constitute an endorsement by the Acceptto Corporation.