This section provides the configuration information on integrating Advanced Authentication with OpenVPN virtual appliance. This integration secures the OpenVPN connection.
The following diagram represents Advanced Authentication in OpenVPN.
To configure the Advanced Authentication integration with OpenVPN perform the following configuration tasks:
Ensure that the following requirements are met:
OpenVPN v2 appliance (version 2.0.10 was used to prepare these instructions) is installed.
Advanced Authentication v5 appliance with a configured repository is installed.
You can watch the OpenVPN integration video here:
Open the Advanced Authentication Administration portal.
Move one or more chains fromto list. Ensure that the chains are assigned to the appropriate group of users in of the section.
Specify anof the OpenVPN appliance.
Specifyof the Client.
Specify a secret and confirm it.
Click icon to save the Client details.
Add an IP address of the Advanced Authentication v5 appliance and specify the secret.
You must specify the <repository name>\<username> or only <username>, if you have set the following configurations:
You have selected a chain from thesection in the settings for connecting to OpenVPN.
You have set the default repository name inof the Advanced Authentication v5 appliance.
If you have assigned multiple chains in the <username>&<chain shortname> in the .section of the RADIUS event for connecting to OpenVPN, then you must specify
NOTE:For some authentication methods, the correct time must be configured on the OpenVPN appliance. You can sync the time of the OpenVPN appliance using the following commands:
Issue: While authenticating with the SMS method to connect to OpenVPN, after three successful authentications the user account is locked by OpenVPN.
Workaround: OpenVPN assumes each attempt of the challenge response (request of additional data in chain) as an error.
To resolve the issue, you must change the number of failures that can be accepted. For more information, see Authentication failure lockout policy.