HELP FILE

OpenVPN Access Server VPN configuration for the LastPass Universal Proxy LDAPS protocol on Linux

    This is a step-by-step description of how to configure OpenVPN Access Server for LastPass Universal Proxy using the LDAPS protocol, in order to set LastPass MFA as a secondary authentication method. The following steps contain the Universal Proxy related settings.

    Note: As OpenVPN Access Server handles the incoming authentication requests in a single thread, one client can log in at a time. Therefore, increased waiting time can be expected.
    1. Log in to the OpenVPN Admin Web UI.
    2. Select Authentication > LDAP in the left menu.
    3. In the LDAP Settings area, set the following fields:

      Primary Server
      Add the IP address of Universal Proxy.
      Use SSL to connect to LDAP servers
      Switch the toggle button to Yes.
      Case-sensitive login
      Switch the toggle button to Yes.
      Use these credentials:
      Switch the toggle button to Yes.
      Bind DN:
      Add the admin user name configured for LDAP authentication in the following format: CN=Admin,CN=Users,DC=domain,DC=country_code
      Password:
      Enter the LDAP admin user password.
      Base DN for User Entries:
      Enter the Base DN under which the users are located, in the following format: DC=domain,DC=country_code.
      Username Attribute:
      UID

    4. Click Save Settings.
    5. Click Update Running Server.
    6. Increase the authentication timeout to 61 seconds.

      You can only change the authentication timeout settings from CLI:

      Run the following command as a root user:

      /usr/local/openvpn_as/scripts/sacli --key "auth.ldap.0.timeout" --value "61" configput
      service openvpnas restart

    Results: Your OpenVPN Access Server is now configured to use LDAPS protocol for authentication.