
Configure OpenVPN to Use Cloud LDAP

You can configure OpenVPN to use JumpCloud's LDAP-as-a-Service, which will perform user authentication and authorization. OpenVPN is an open source connection protocol that facilitates a secure tunnel between two points in a network. It's a trusted technology used by many virtual private networks (VPNs) to ensure that data sent over the internet is encrypted and private.

Prerequisites:

  • See Use Cloud LDAP to obtain the JumpCloud specific settings required below.

Version Details:

  • Configuration options were qualified using the  v 2.6.1 via the included Admin UI and the .

Configuring OpenVPN for LDAP Authentication and Authorization

LDAP Settings:

  • Primary server:
  • Use SSL to connect to LDAP servers: On
  • Credentials for Initial Bind: 'Use these credentials' select On
  • Bind DN: uid=LDAP_BINDING_USER,ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com
  • Password: LDAP_BINDING_USER_PASSWORD
  • Username Attribute: uid
  • (Optional) Group Setting:
    • You can add a requirement for LDAP group membership to control user access. To leverage LDAP Groups, see Create an LDAP Group.
  • Additional LDAP Requirement: memberOf=cn=GROUP_NAME,ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com
OpenVPN LDAP server configuration settings.

Testing OpenVPN Authentication and Authorization

The OpenVPN Access Server provides a command line utility "authcli" that can be used to validate your JumpCloud Directory-as-a-Service authentication and authorization configuration.

PATH: /usr/local/openvpn_as/scripts/authcli
USAGE: authcli --user JumpCloud_Username

Testing OpenVPN LDAP authentication via terminal.

Troubleshooting OpenVPN Authentication and Authorization

For additional diagnostic information, you can enable Debug Level logging within the OpenVPN Access Server 'as.conf' configuration file, restart the service and review the verbose log messages within the default "/var/log/openvpnas.log" file.

$ sudo bash -c 'echo "DEBUG_AUTH=true" >> /usr/local/openvpn_as/etc/as.conf'
$ sudo service openvpnas restart

After you finish troubleshooting, edit the configuration file to comment out the DEBUG reference and restart the service to return to normal operation.

#DEBUG_AUTH=true
$ sudo service openvpnas restart
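
Because the enable step appends with ">>", running it more than once leaves several DEBUG_AUTH=true lines, and commenting out only one of them keeps verbose authentication logging on. The shell helpers below are an added example, not part of the original article or of OpenVPN's tooling; the function names are hypothetical, and it assumes any uncommented DEBUG_AUTH line counts as active.

```shell
#!/bin/sh
# Added example: confirm DEBUG_AUTH is really off after troubleshooting.
# The as.conf path and DEBUG_AUTH key come from the article; the
# function names are hypothetical.
AS_CONF="${AS_CONF:-/usr/local/openvpn_as/etc/as.conf}"

# Print the number of active (uncommented) DEBUG_AUTH assignments.
# grep -c exits non-zero when the count is 0, hence "|| true".
count_debug_auth() {
    grep -Ec '^[[:space:]]*DEBUG_AUTH[[:space:]]*=' "$1" || true
}

# Return 0 when debug auth logging is off, 1 when on, 2 if unreadable.
check_debug_auth() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    n=$(count_debug_auth "$1")
    if [ "$n" -gt 0 ]; then
        echo "WARNING: $n active DEBUG_AUTH line(s) in $1" >&2
        return 1
    fi
    echo "OK: DEBUG_AUTH is not active in $1"
}

# Comment out every active DEBUG_AUTH line. A backup is written first,
# and the original file is rewritten in place so its owner and mode
# are preserved.
disable_debug_auth() {
    conf="$1"
    cp -p "$conf" "$conf.bak" || return 1
    sed -E 's/^[[:space:]]*(DEBUG_AUTH[[:space:]]*=.*)$/#\1/' \
        "$conf.bak" > "$conf"
}

# Typical use on the Access Server host (run as root):
#   check_debug_auth "$AS_CONF" || disable_debug_auth "$AS_CONF"
#   service openvpnas restart
```

The service restart is still required after the file is changed, as in the steps above.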

OpenVPN Documentation

Review the OpenVPN site for documentation on troubleshooting authentication and enabling debug level logging.

  •  (authcli)