OpenVPN Access Server VPN configuration for the LastPass Universal Proxy RADIUS protocol
This is a step-by-step description of how to configure OpenVPN Access Server for LastPass Universal Proxy using the RADIUS protocol, in order to set LastPass MFA as a secondary authentication method. The following steps contain the Universal Proxy related settings.
Note: Only Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP) modes are supported by the service.
Note: As OpenVPN Access Server handles the incoming authentication requests in a single thread, one client can log in at a time. Therefore, increased waiting time can be expected.
- Log in to the OpenVPN Admin Web UI.
in the left menu.
- In the RADIUS Authentication Method area, set the following fields:
- Switch the toggle button to Yes.
- In the RADIUS Settings area, set the following fields:
- Hostname or IP Address
- Add the IP address of Universal Proxy.
- Shared Secret
- Enter the RADIUS shared secret, which is configured on the LastPass Universal Proxy.
- Authentication Port
- Accounting Port
- Click Save Settings.
- Click Update Running Server.
- Increase the authentication timeout to 61 seconds.
You can only change the authentication timeout settings from CLI:
Run the following command as a root user:
/usr/local/openvpn_as/scripts/sacli --key "auth.radius.0.per_server_timeout" --value "61" configput service openvpnas restart
- If the RADIUS module is not already in use, click Use RADIUS then Update Running Server.
Results: Your OpenVPN Access Server is now configured to use RADIUS protocol for authentication.