Skip to main content

OpenVPN RADIUS integration

Multi-Factor Authentication (MFA) is an extra layer of security used when logging into websites or apps. Individuals are authenticated through more than one required security and validation procedure that only they know or have access to.

Remote Authentication Dial-In User Service (RADIUS) is a protocol commonly used to authenticate, authorize, and account for user access and actions.

Arculix offers a simple RADIUS solution for adding multi-factor authentication (MFA) to OpenVPN. This step-by-step integration guide illustrates how to configure both the OpenVPN Access Server and Arculix RADIUS MFA authentication solution.

Prerequisites

  • Arculix RADIUS Agent that is configured and connected to your user directory. For example, Microsoft Active Directory (AD).

    For more information, see the Arculix RADIUS Agent deployment guide.

  • User account with administrative privileges for the OpenVPN panel.

Arculix RADIUS Agent configuration

To integrate Arculix with your OpenVPN Access server, you install an Arculix RADIUS Agent on a machine within your network. This server will receive RADIUS requests from your OpenVPN Access server, check with LDAP server to perform primary authentication, and then connect with the Arculix cloud service for secondary authentication.

Follow these steps to configure the Arculix RADIUS Agent.

  1. Log in to the Arculix RADIUS Agent as an administrator.

  2. Open the radius-agent-config.env file with an editor.

    The file is located in the installed directory of RADIUS Agent. RADIUS clients are configured in this setting.

    Acceptto RADIUS agent
  3. At the end of the radius-agent-config.env file, set the following configuration for the ARA_CLIENTS attribute:

    Note

    The values should be separated by semicolons (;).

    ARA_CLIENTS=<An optional name for your OpenVPN>;<Internal IP address of your OpenVPN>;<a shared secret>

    For example, set:

    ARA_CLIENTS=OpenVPN;192.168.1.50/32;testing12345
    ARA_CLIENTS configuration
  4. Save the file.

  5. Run the following command to apply the changes:

    docker-compose down && docker-compose up -d

OpenVPN Access Server configuration

  1. Log in to the OpenVPN Access Server web-based admin portal as an administrative user.

  2. In the left menu, go to Authentication > RADIUS.

    OpenVPN_Radius_Replacement_3.png
  3. Enable RADIUS authentication as follows:

    1. Click RADIUS and enter the Hostname or IP address of the Arculix RADIUS Agent.

    2. Tab to the next field and enter the Shared Secret.

    OpenVPN_Radius_Replacement_4.png
  4. Save your changes.

  5. Go to User Management > User Permissions.

  6. Make the following configurations:

    • Click the More Settings icon for the username.

    • Select the RADIUS option.

    OpenVPN_Radius_Replacement_5.png
  7. Save your changes.

Test your application integration

  1. On OpenVPN client connect, enter your credentials.

    OpenVPN_Radius_Replacement_6.png
  2. The Arculix Mobile app receives a push notification for your approval to log in.

    arculix_mobile_app_010.png
  3. Approve the request; you are redirected to OpenVPN.

Support

If you have questions or need assistance, contact SecureAuth Support.

Sales

Want to learn more about our MFA solutions? Contact our Professional Services for a demo today.

Disclaimer

All product names, trademarks, and registered trademarks are the property of their respective owners.

All company, product, and service names used in this document are for identification purposes only. The use of these names, trademarks, and brands do not constitute an endorsement by the SecureAuth Corporation.