VPN – OpenVPN

In this topic, you will set up the OpenVPN Access Server to use the Portnox Cloud RADIUS servers for authentication.

Important:
This guide gives general instructions for integrating Portnox Cloud with specific third-party devices. We try to provide useful examples for common models, but settings can differ between manufacturers, models, and environments. Because of this, we cannot guarantee these steps will work in every case. For questions or problems with RADIUS setup – which is an industry standard and not specific to Portnox – or with device-specific settings and troubleshooting, we recommend checking the device manufacturer’s documentation and contacting their support team. Portnox Support can help when possible, but detailed setup of third-party devices is usually best handled by the manufacturer. We also recommend updating your NAS device firmware to the latest version, as old firmware can cause issues.
Important:
All values in this configuration are examples. Make sure to adjust the configuration to your individual profile names, RADIUS server addresses, ports, and keys by replacing the values that are presented as underlined italics.

Configure the OpenVPN Access Server

In this section, you will add the Portnox Cloud RADIUS server information to the OpenVPN Access Server configuration and set RADIUS as the default authentication method.

  1. Open your OpenVPN Access Server administration interface in your web browser and log in as the OpenVPN administrator.

    Use the IP address or the FQDN and the port that you configured for your Access Server when you installed it.

  2. In the left-hand side menu, select the AUTHENTICATION > RADIUS option.

  3. In the RADIUS Authentication pane, in the RADIUS Settings section, activate the switches next to the following options: Enable RADIUS Authentication and Enable RADIUS Accounting reports.

  4. In the RADIUS Server section, enter the IP addresses, port numbers, and shared secrets for your Portnox Cloud RADIUS servers and/or the local RADIUS server.
    Important:
    The IP addresses, port numbers, and shared secret values on screenshots are examples. Replace them with your individual IP addresses, port numbers, and shared secrets from your Portnox Cloud configuration.

  5. Scroll down to the RADIUS Authentication Method section and select the authentication method (EAP method) that is supported by your authentication directory.
    Note:
    If you use an online authentication provider such as Entra ID and Google Workspace, select PAP. If you use local Active Directory, select MS-CHAP v2.

  6. Click on the Save Settings button to save your configuration.

  7. Click on the Update Running Server button to update your running server with the new configuration.

  8. In the left-hand side menu, select the AUTHENTICATION > SETTINGS option.

  9. In the User Authentication pane, in the Default Authentication System section, select the RADIUS option.

  10. Optional: If you want to use multi-factor authentication for all OpenVPN accounts (this includes the administrative interface access), in the TOTP Multi-Factor Authentication section, activate the Enable TOTP Multi-Factor Authentication switch.

    Note:
    You can also turn in multi-factor authentication for individual users.
  11. Scroll all the way down the pane and click on the Save Settings button.

Test your connection using the OpenVPN client

In this section, you will optionally test your configuration by establishing a VPN connection to the server from a client machine using the OpenVPN client.

Note:
In this example, we are showing how to establish the connection from a Windows system, but the OpenVPN client is available for many platforms.
  1. On the client computer, open the OpenVPN Access Server user interface in a web browser and log in using an account managed by Portnox Cloud.

    Use the IP address or the FQDN and the port that you configured for your Access Server when you installed it.

  2. Optional: If you turned on multi-factor authentication, you will see a QR code to scan using your selected authenticator app. Scan the QR code and then enter the 6-digit code from the authenticator app.

  3. Download the OpenVPN Connect client for your operating system. Then, install the client.

    OpenVPN detects your operating system and suggests the correct client.

  4. Scroll down the web page and click on the Profiles Management button.

  5. In the Create a New Profile pane, click on the Create button.

    OpenVPN will generate a profile for you. Download it and save it on your local disk.

  6. Open the OpenVPN Connect client. Click on the Browse button to select the profile you downloaded in the previous step.

  7. Click on the Connect button.

  8. Enter the password to the account managed by Portnox Cloud and then click on the OK button.

  9. Optional: If you turned on multi-factor authentication, enter the 6-digit code from your authenticator app, and then click on the SEND button.

Result: The VPN connection is established successfully.