OpenVPN

Introduction

Multi-Factor Authentication (MFA) is an extra layer of security used when logging into websites or apps. Individuals are authenticated through more than one required security and validation procedure that only you know or have access to.

RADIUS is a protocol commonly used to authenticate, authorize, and account for user access and actions. Acceptto offers a simple solution for adding multi-factor authentication (MFA) to OpenVPN via its Radius solution. This step by step integration instruction illustrates how to configure both OpenVPN Access Server and Acceptto appliance using RADIUS.

Pre-Requisites
  1. An Acceptto Appliance connected to your user directory (for example Microsoft ‘Active DirectoryTM’).
  2. The user population that is going to be authenticated via RADIUS must be enrolled in the It’s Me Application.
  3. A user with administrative privileges for the OpenVPN panel.
  4. A user with administrative privileges for the Acceptto Appliance.
Configure the Acceptto Appliance RADIUS interface
  1. Login to the Acceptto Appliance admin panel with an administrative account, select RADIUS, and enter the following values.
    • NETBIOS domain - enter the NETBIOS domain name.
    • Assigned Computer Name - Enter the computer name that you want to be created in Active Directory.
    • REALM - Enter the realm that is appended to your username. Usually, this is your domain name.
    • MFA Active Directory Group - Enter the LDAP group that contains the users that can login via MFA (note that by default users outside of this group will have their access denied).
    • MFA Login message - enter the message that your users are going to see on the It’sMe mobile application.
    • Radius eGuardian UID - enter the UID of Radius application in your eGuardian Admin Panel.
    • Radius eGuardian Secret - enter the Secret of Radius application in your eGuardian Admin Panel.
  2. Click Save Changes.
OpenVPN Radius Configuration

Go to your OpenVPN web-based management interface. Navigate to Authentication (under User Management) and click Radius. Enter the IP address or hostname of Acceptto Appliance.

Test your setup
  1. Enter your credential on OpenVPN client connect. You will receive a push notification on your It’sMe mobile application to authorize access to your OpenVPN server.
Support

If you require assistance, please email us at support@acceptto.com

Sales

Want to learn more about our MFA solutions? Contact our Professional Services for a Demo today.

Disclaimer

All product names, trademarks, and registered trademarks are the property of their respective owners.

All company, product, and service names used in this document are for identification purposes only. The use of these names, trademarks, and brands do not constitute an endorsement by the Acceptto Corporation.

OpenVPN is either registered trademarks or trademarks of OpenVPN Inc. and/or one or more of its subsidiaries in the United States and/or other countries.

Microsoft and 'Active Directory' are either registered trademarks or trademarks of Microsoft and/or one or more of its subsidiaries in the United States and/or other countries.