OpenVPN Access Server VPN configuration for the LastPass Universal Proxy LDAPS protocol on Linux

    This is a step-by-step description of how to configure OpenVPN Access Server for LastPass Universal Proxy using the LDAPS protocol, in order to set LastPass MFA as a secondary authentication method. The following steps contain the Universal Proxy related settings.

    Note: Because OpenVPN Access Server handles incoming authentication requests in a single thread, only one client can log in at a time. Therefore, increased waiting time can be expected.

    1. Log in to the OpenVPN Admin Web UI.
    2. Select Authentication > LDAP in the left menu.
    3. In the LDAP Settings area, set the following fields:

      Primary Server
          Add the IP address of Universal Proxy.
      Use SSL to connect to LDAP servers
          Switch the toggle button to Yes.
      Case-sensitive login
          Switch the toggle button to Yes.
      Use these credentials:
          Switch the toggle button to Yes.
      Bind DN:
          Add the admin user name configured for LDAP authentication in the following format: CN=Admin,CN=Users,DC=domain,DC=country_code
      Password:
          Enter the LDAP admin user password.
      Base DN for User Entries:
          Enter the Base DN under which the users are located, in the following format: DC=domain,DC=country_code.
      Username Attribute:
          UID

    4. Click Save Settings.
    5. Click Update Running Server.
    6. Increase the authentication timeout to 61 seconds.

      You can only change the authentication timeout setting from the CLI. Run the following commands as the root user:

      /usr/local/openvpn_as/scripts/sacli --key "auth.ldap.0.timeout" --value "61" configput
      service openvpnas restart

    Results: Your OpenVPN Access Server is now configured to use the LDAPS protocol for authentication.
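
As an added example (not part of the original LastPass or OpenVPN documentation), the following shell functions check the outcome of the steps above from the Access Server host: that Universal Proxy completes a TLS handshake with a certificate that verifies against the local trust store, and that `auth.ldap.0.timeout` is at least 61. Port 636, the layout of the `sacli ConfigQuery` output and all function names are assumptions.

```shell
#!/bin/sh
# Added example: post-change checks for the LDAPS settings configured above.
SACLI=/usr/local/openvpn_as/scripts/sacli   # path used in step 6
REQUIRED_TIMEOUT=61                         # value set in step 6

# Read "sacli ConfigQuery" output on stdin and print auth.ldap.0.timeout.
# Assumption: the output holds '"key": "value"' pairs with string values.
ldap_timeout_from_config() {
    sed -n 's/.*"auth\.ldap\.0\.timeout"[[:space:]]*:[[:space:]]*"\([0-9][0-9]*\)".*/\1/p' |
        head -n 1
}

# Return 0 only if the timeout in the config text ($1) is set and >= 61.
ldap_timeout_ok() {
    t=$(printf '%s\n' "$1" | ldap_timeout_from_config)
    [ -n "$t" ] && [ "$t" -ge "$REQUIRED_TIMEOUT" ]
}

# Return 0 only if host $1 completes a TLS handshake on port $2 with a
# certificate chain that verifies against the local trust store.
# Assumption: 636 (the standard LDAPS port) is used when no port is given.
ldaps_cert_ok() {
    openssl s_client -connect "$1:${2:-636}" -verify_return_error \
        </dev/null >/dev/null 2>&1
}

# Run both checks as root on the Access Server host:
#   run_checks <universal-proxy-ip> [port]
run_checks() {
    ldaps_cert_ok "$1" "${2:-636}" ||
        { echo "TLS verification failed for $1" >&2; return 1; }
    ldap_timeout_ok "$("$SACLI" ConfigQuery)" ||
        { echo "auth.ldap.0.timeout is unset or below $REQUIRED_TIMEOUT" >&2; return 1; }
    echo "LDAPS checks passed"
}

# Constructed sample of ConfigQuery output, for trying the parser offline.
SAMPLE_CONFIG='{
  "auth.ldap.0.timeout": "61",
  "auth.module.type": "ldap"
}'
```

A failed TLS check means the bind password and user credentials would be sent to an endpoint whose certificate the Access Server host cannot validate, so resolve it before relying on the LDAPS setting.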