ºÚÁϺ£½Ç91Èë¿Ú RADIUS gives you the power and security of RADIUS network authentication without the need for physical servers. Learn how to configure OpenVPN Access Server to use ºÚÁϺ£½Ç91Èë¿Ú RADIUS for authentication.
Prerequisites:
- A configured ºÚÁϺ£½Ç91Èë¿Ú RADIUS server using the public IP address of your OpenVPN appliance. See RADIUS Configuration and Authentication to learn more.
Considerations:
- When using MFA for RADIUS authentication with OpenVPN:
  - Push MFA (ºÚÁϺ£½Ç91Èë¿Ú Protect) using MS-CHAPv2 is the recommended RADIUS authentication method in the OpenVPN configuration.
  - TOTP MFA is not recommended for security reasons. See Authenticate to RADIUS with MFA to learn more.
Configuring OpenVPN for RADIUS Authentication
To configure OpenVPN Access Server to use ºÚÁϺ£½Ç91Èë¿Ú RADIUS:
- Sign in to the OpenVPN Admin Web UI.
- Go to Authentication > RADIUS.
- Toggle Enable RADIUS Authentication to On.
- Under RADIUS Server, enter the ºÚÁϺ£½Ç91Èë¿Ú RADIUS server IP addresses. See ºÚÁϺ£½Ç91Èë¿Ú RADIUS Server Details to learn more.
  Enter multiple ºÚÁϺ£½Ç91Èë¿Ú RADIUS IPs for redundancy.
- Enter the Shared Secret from your ºÚÁϺ£½Ç91Èë¿Ú RADIUS server. To view the Shared Secret:
  - Log in to the .
  - Select USER AUTHENTICATION > RADIUS from the left-hand navigation.
  - Click to select a configured RADIUS server.
  - The Shared Secret is shown below Server Name. Click the eye icon to make the characters visible.
- Under RADIUS Authentication Method, select MS-CHAP v2.
  MS-CHAP v2 is the recommended authentication method.
- Click Save Settings and Update Running Server.
- Set RADIUS as the Access Server authentication method. See OpenVPN’s to learn more.
Testing OpenVPN Authentication
The OpenVPN Access Server provides the command line utility "authcli" to validate your ºÚÁϺ£½Ç91Èë¿Ú authentication and authorization configuration.
PATH: /usr/local/openvpn_as/scripts/authcli
USAGE: authcli --user ºÚÁϺ£½Ç91Èë¿Ú_Username
Troubleshooting OpenVPN Authentication and Authorization
For additional diagnostic information, you can enable debug-level authentication logging in the OpenVPN Access Server 'as.conf' configuration file (default path "/usr/local/openvpn_as/etc/as.conf"), restart the service, and review the log messages in the default "/var/log/openvpnas.log" file.
# sudo applies only to echo, not to a ">>" redirect, so append the line via tee -a
$ echo "DEBUG_AUTH=true" | sudo tee -a /usr/local/openvpn_as/etc/as.conf
$ sudo service openvpnas restart
When troubleshooting is complete, edit the configuration file to comment out the DEBUG reference, and restart the service to return to normal operation.
#DEBUG_AUTH=true
$ sudo service openvpnas restart
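The enable/disable procedure above, as an added example that is not part of the original page or of OpenVPN's own tooling: a POSIX shell function that turns DEBUG_AUTH on or off in as.conf without appending duplicate lines, plus a check that reports the current state. The as.conf path is the one given on this page; the second argument lets you point it at a copy for testing.

```bash
#!/bin/sh
# Toggle DEBUG_AUTH in an OpenVPN Access Server as.conf (added example, not project code).
set -eu

AS_CONF_DEFAULT=/usr/local/openvpn_as/etc/as.conf   # path from the page

# set_debug_auth <on|off> [conf]
#   on : remove any active or commented DEBUG_AUTH line, then append DEBUG_AUTH=true
#   off: comment out the active DEBUG_AUTH line, leaving every other line untouched
set_debug_auth() {
    mode=$1
    conf=${2:-$AS_CONF_DEFAULT}
    tmp=$(mktemp)
    case "$mode" in
        on)
            # grep -v exits 1 when nothing survives the filter; that is not an error here
            grep -v -E '^[[:space:]]*#?[[:space:]]*DEBUG_AUTH=' "$conf" > "$tmp" || true
            printf 'DEBUG_AUTH=true\n' >> "$tmp"
            ;;
        off)
            sed -E 's/^[[:space:]]*(DEBUG_AUTH=.*)$/#\1/' "$conf" > "$tmp"
            ;;
        *)
            rm -f "$tmp"
            echo "usage: set_debug_auth on|off [conf]" >&2
            return 2
            ;;
    esac
    # write back through the existing file so its ownership and mode are preserved
    cat "$tmp" > "$conf"
    rm -f "$tmp"
}

# debug_auth_enabled [conf]: exit 0 only if an active DEBUG_AUTH=true line is present
debug_auth_enabled() {
    conf=${1:-$AS_CONF_DEFAULT}
    grep -q -E '^[[:space:]]*DEBUG_AUTH=true[[:space:]]*$' "$conf"
}
```

Run it as root (or under sudo) against the real as.conf, then restart openvpnas as the page describes; debug logging stays off until the service is restarted with the changed file.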
For additional information on troubleshooting authentication and enabling debug level logging, see to learn more.