OpenVPN Access Server VPN configuration for the LastPass Universal Proxy LDAP protocol on Linux

    This is a step-by-step description of how to configure OpenVPN Access Server for LastPass Universal Proxy using the LDAP protocol, in order to set LastPass MFA as a secondary authentication method. The following steps contain the Universal Proxy related settings.

    Note: Because OpenVPN Access Server handles incoming authentication requests in a single thread, only one client can log in at a time. Therefore, increased waiting time can be expected.
    1. Log in to the OpenVPN Admin Web UI.
    2. Select Authentication > LDAP in the left menu.

    3. In the LDAP Settings area, set the following fields:

      Primary Server
        Add the IP address of Universal Proxy.
      Case-sensitive login
        Switch the toggle button to Yes.
      Use these credentials:
        Switch the toggle button to Yes.
      Bind DN:
        Add the admin user name configured for LDAP authentication in the following format: CN=Admin,CN=Users,DC=domain,DC=country_code
      Password:
        Enter the LDAP admin user password.
      Base DN for User Entries:
        Enter the Base DN under which the users are located, in the following format: DC=domain,DC=country_code.
      Username Attribute:
        UID

    4. Click Save Settings.
    5. Click Update Running Server.
    6. Increase the authentication timeout to 61 seconds.

      You can change the authentication timeout setting only from the CLI.

      Run the following commands as the root user:

      /usr/local/openvpn_as/scripts/sacli --key "auth.ldap.0.timeout" --value "61" configput
      service openvpnas restart

    7. If the LDAP module is not already in use, click Use LDAP, then click Update Running Server.
    Results: Your OpenVPN Access Server is now configured to use the LDAP protocol for authentication.
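
    The following check is an added example, not part of the original help page: it confirms that the timeout from step 6 is present in the running configuration. It assumes that `sacli ConfigQuery` prints the configuration as JSON with one "key": "value" pair per line; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that auth.ldap.0.timeout (step 6) is set as intended.
# Assumption: `sacli ConfigQuery` output is JSON, one "key": "value" per line.

REQUIRED_TIMEOUT=61   # seconds, the value set in step 6

# Read ConfigQuery output on stdin and print the value of auth.ldap.0.timeout.
ldap_timeout_value() {
    sed -n 's/^[[:space:]]*"auth\.ldap\.0\.timeout"[[:space:]]*:[[:space:]]*"\([^"]*\)".*$/\1/p' |
        head -n 1
}

# Return 0 when the timeout is at least REQUIRED_TIMEOUT.
# Return 1 when the key is missing, not numeric, or lower than required.
check_ldap_timeout() {
    value=$(ldap_timeout_value)
    case "$value" in
        '')       echo "auth.ldap.0.timeout is not set"; return 1 ;;
        *[!0-9]*) echo "auth.ldap.0.timeout is not a number: $value"; return 1 ;;
    esac
    if [ "$value" -lt "$REQUIRED_TIMEOUT" ]; then
        echo "auth.ldap.0.timeout is $value, expected at least $REQUIRED_TIMEOUT"
        return 1
    fi
    echo "auth.ldap.0.timeout is $value"
}

# Constructed sample of ConfigQuery output, so the check runs offline.
sample_config() {
    cat <<'EOF'
{
  "auth.ldap.0.timeout": "61",
  "auth.module.type": "ldap"
}
EOF
}

# On the Access Server itself, run as root:
#   /usr/local/openvpn_as/scripts/sacli ConfigQuery | check_ldap_timeout
sample_config | check_ldap_timeout
```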