OpenVPN Access Server VPN configuration for the LastPass Universal Proxy RADIUS protocol

This is a step-by-step description of how to configure OpenVPN Access Server for LastPass Universal Proxy using the RADIUS protocol, in order to set LastPass MFA as a secondary authentication method. The following steps contain the Universal Proxy related settings.

Note: Only Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP) modes are supported by the service.

Note: As OpenVPN Access Server handles the incoming authentication requests in a single thread, one client can log in at a time. Therefore, increased waiting time can be expected.

Log in to the OpenVPN Admin Web UI.
Select Authentication > RADIUS in the left menu.
In the RADIUS Authentication Method area, set the following fields:

PAP

Switch the toggle button to Yes.
In the RADIUS Settings area, set the following fields:

Hostname or IP Address

Add the IP address of Universal Proxy.

Shared Secret

Enter the RADIUS shared secret, which is configured on the LastPass Universal Proxy.

Authentication Port

1812

Accounting Port

1813
Click Save Settings.
Click Update Running Server.
Increase the authentication timeout to 61 seconds.
You can only change the authentication timeout settings from CLI:

Run the following command as a root user:
```
/usr/local/openvpn_as/scripts/sacli --key "auth.radius.0.per_server_timeout" --value "61" configput
service openvpnas restart
```
If the RADIUS module is not already in use, click Use RADIUS then Update Running Server.

Results: Your OpenVPN Access Server is now configured to use RADIUS protocol for authentication.