Restart the OpenVPN server to apply the changes.Enable client username and password authentication, by adding auth-user-pass:.Turn off the certificate authentication on the client side:Įxample: port 1194 proto tcp dev tun ca ca.crt cert server.crt key server.key # This file should be kept secret dh dh.pem plugin /usr/lib/openvpn/openvpn-auth-radius.so /etc/openvpn/radiusplugin.cnf login server 10.8.0.0 255.255.255.0 ifconfig-pool-persist /var/log/openvpn/ipp.txt username-as-common-name keepalive 10 120 client-cert-not-required cipher AES-256-GCM user nobody group nogroup persist-key persist-tun status /var/log/openvpn/openvpn-status.log log /var/log/openvpn/openvpn.log log-append /var/log/openvpn/openvpn.log verb 6 explicit-exit-notify 0.Enforce to use username and password for authentication:.Plugin /usr/lib/openvpn/openvpn-radius-ldap.so /etc/openvpn/radiusplugin.cnf login Path of the configuration file, to read the attributes and use it to authenticate users.Add the following to the OpenVPN server configuration file, nf: Is it possible to use OpenVPN Connect v3 to connect to a Community version of an OpenVPN server (not OpenVPN Access server) Edit: here are some symptoms I encountered while testing.RADIUS shared secret, which is configured on the LastPass Universal Proxy.Įxample: NAS-Identifier=OpenVpn Service-Type=5 Framed-Protocol=1 NAS-Port-Type=5 NAS-IP-Address= OpenVPNConfig=/etc/openvpn/server/nf overwriteccfiles=true server IP Address or DNS name of Universal Proxy. Configure the OpenVPN server for RADIUS authentication using the radiusplugin.cnf file.
Result: The OpenVPN RADIUS authentication configuration file, radiusplugin.cnf will be installed.
Install the OpenVPN RADIUS plugin, openvpn-auth-radius, on your server to get the required libraries and configuration files.Therefore, increased waiting time can be expected.
Note: As OpenVPN Community Edition handles the incoming authentication requests in a single thread, one client can log in at a time.