VPN – OpenVPN

In this topic, you will set up the OpenVPN Access Server to use the Portnox Cloud RADIUS servers for authentication.

Configure the OpenVPN Access Server

In this section, you will add the Portnox Cloud RADIUS server information to the OpenVPN Access Server configuration and set RADIUS as the default authentication method.

  1. Open your OpenVPN Access Server administration interface in your web browser and log in as the OpenVPN administrator.

    Use the IP address or the FQDN and the port that you configured for your Access Server when you installed it.

  2. In the left-hand side menu, select the AUTHENTICATION > RADIUS option.

  3. In the RADIUS Authentication pane, in the RADIUS Settings section, activate the switches next to the following options: Enable RADIUS Authentication and Enable RADIUS Accounting reports.

  4. In the RADIUS Server section, enter the IP addresses, port numbers, and shared secrets for your Portnox Cloud RADIUS servers and/or the local RADIUS server.
    Important: The IP addresses, port numbers, and shared secret values on screenshots are examples. Replace them with your individual IP addresses, port numbers, and shared secrets from your Portnox Cloud configuration.

  5. Scroll down to the RADIUS Authentication Method section and select the authentication method (EAP method) that is supported by your authentication directory.
    Note: If you use an online authentication provider such as Entra ID and Google Workspace, select PAP. If you use local Azure Directory, select MS-CHAP v2.

  6. Click on the Save Settings button to save your configuration.

  7. Click on the Update Running Server button to update your running server with the new configuration.

  8. In the left-hand side menu, select the AUTHENTICATION > SETTINGS option.

  9. In the User Authentication pane, in the Default Authentication System section, select the RADIUS option.

  10. Scroll all the way down the pane and click on the Save Settings button.

Test your connection using the OpenVPN client

In this section, you will optionally test your configuration by establishing a VPN connection to the server from a client machine using the OpenVPN client.

Note: In this example, we are showing how to establish the connection from a Windows system, but the OpenVPN client is available for many platforms.
  1. On the client computer, open the OpenVPN Access Server user interface in a web browser and log in using an account managed by Portnox Cloud.

    Use the IP address or the FQDN and the port that you configured for your Access Server when you installed it.

  2. Download the OpenVPN Connect client for your operating system. Then, install the client.

    OpenVPN detects your operating system and suggests the correct client.

  3. Scroll down the web page and click on the Profiles Management button.

  4. In the Create a New Profile pane, click on the Create button.

    OpenVPN will generate a profile for you. Download it and save it on your local disk.

  5. Open the OpenVPN Connect client. Click on the Browse button to select the profile you downloaded in the previous step.

  6. Click on the Connect button.

  7. Enter the password to the account managed by Portnox Cloud and then click on the OK button.

Result: The VPN connection is established successfully.