12.5 Configuring Integration with OpenVPN
These instructions will help you to configure integration of Advanced Authentication Appliance Edition with the OpenVPN virtual appliance to refuse non-secure passwords in OpenVPN connection.
The advanced authentication in OpenVPN is represented on the following diagram.
To get started, ensure that you have:
-
OpenVPN v2 appliance (version 2.0.10 was used to prepare these instructions)
-
Advanced Authentication v5 appliance with the already configured repository
Configure the Advanced Authentication RADIUS server:
-
Open the Advanced Authentication Admin Interface.
-
Go to the section.
-
Open properties of the event.
-
Set the event to the mode.
-
Select one or more chains from the list of chains (make sure that they are enabled and set to the users group in the section).
-
Add a , enter an IP address of the OpenVPN appliance, specify a secret, confirm it and set the option.
-
Click the button in the string. Click the button at the bottom of the view to save changes.
Configure the OpenVPN appliance:
-
Open the site.
-
Go to the - section.
-
Enable the authentication.
-
Select authentication method.
-
Add an IP address of the Advanced Authentication v5 appliance and enter the secret.
If you have one chain selected in the settings, to connect to OpenVPN, please enter the <repository name>\<username> or only <username> if you have set the default repo name in section of the Advanced Authentication v5 appliance.
If you have multiple chains selected, to connect to OpenVPN, in the username field after the entered <username> and space you need to enter a of the necessary chain (the can be selected in section of the Advanced Authentication v5 appliance).
Please note that some of the available authentication methods require correct time on the OpenVPN appliance. You can sync the time of the OpenVPN appliance using the following commands:
/etc/init.d/ntp stop
/usr/sbin/ntpdate pool.ntp.org