{"id":111731,"date":"2024-06-21T12:30:18","date_gmt":"2024-06-21T16:30:18","guid":{"rendered":"https:\/\/jumpcloud.com\/?post_type=support&#038;p=111731"},"modified":"2024-06-25T09:57:45","modified_gmt":"2024-06-25T13:57:45","slug":"configure-openvpn-access-server-cloud-radius","status":"publish","type":"support","link":"https:\/\/jumpcloud.com\/support\/configure-openvpn-access-server-cloud-radius","title":{"rendered":"Configure OpenVPN Access Server to Use Cloud RADIUS"},"content":{"rendered":"\n<p>JumpCloud RADIUS gives you the power and security of RADIUS network authentication without the need for physical servers. Learn how to configure OpenVPN Access Server to use JumpCloud RADIUS for authentication.<\/p>\n\n\n\n<p><strong>Prerequisites<\/strong>:<\/p>\n\n\n\n<ul>\n<li>A configured JumpCloud RADIUS server using the public IP address of your OpenVPN appliance. See <a href=\"https:\/\/jumpcloud.com\/support\/radius-configuration-and-authentication\">RADIUS Configuration and Authentication<\/a> to learn more.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p><strong>Considerations<\/strong>:&nbsp;<\/p>\n\n\n\n<ul>\n<li>When using MFA for RADIUS authentication with OpenVPN:\n<ul>\n<li>Push MFA (JumpCloud Protect) using MS-CHAPv2 is the recommended RADIUS authentication method in the OpenVPN configuration.&nbsp;<\/li>\n\n\n\n<li>TOTP MFA is not recommended for security reasons. See <a href=\"https:\/\/jumpcloud.com\/support\/authenticate-to-radius-with-mfa\">Authenticate to RADIUS with MFA<\/a> to learn more.&nbsp;<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Configuring OpenVPN for RADIUS Authentication&nbsp;<\/h2>\n\n\n\n<p>To configure OpenVPN Access Server to use JumpCloud RADIUS:<\/p>\n\n\n\n<ol>\n<li>Sign in to OpenVPN Admin Web UI.&nbsp;<\/li>\n\n\n\n<li>Go to <strong>Authentication<\/strong> &gt; <strong>RADIUS<\/strong>.<\/li>\n\n\n\n<li><strong>Toggle On<\/strong> Enable RADIUS Authentication.<\/li>\n\n\n\n<li>Under<strong> RADIUS Server<\/strong>, enter the JumpCloud RADIUS server IP addresses. See <a href=\"https:\/\/jumpcloud.com\/support\/configure-a-wap-vpn-or-router-for-radius#configuration\">JumpCloud RADIUS Server Details<\/a> to learn more.<\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card tip\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/tip-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Tip:<\/strong> \n<p>Use multiple JumpCloud RADIUS IPs for redundancy.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<ol start=\"5\">\n<li>Enter the <strong>Shared Secret<\/strong> from your JumpCloud RADIUS server. To view the Shared Secret:\n<ol style=\"list-style-type:lower-alpha\">\n<li>Log in to the <a href=\"https:\/\/console.jumpcloud.com\/\">JumpCloud Admin Portal<\/a>.<\/li>\n\n\n\n<li>Select USER AUTHENTICATION &gt; RADIUS from the left-hand navigation.<\/li>\n\n\n\n<li>Click to select a configured RADIUS server.<\/li>\n\n\n\n<li>The Shared Secret is below Server Name. Click the eye to make the characters visible.<\/li>\n<\/ol>\n<\/li>\n\n\n\n<li>Under <strong>RADIUS Authentication Method<\/strong>, select <strong>MS-CHAP v2<\/strong>.&nbsp;<\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card note\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Note:<\/strong> \n<p>MS-CHAP v2 is the recommended authentication method.&nbsp;<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<ol start=\"7\">\n<li>Click <strong>Save Settings<\/strong> and <strong>Update Running Server<\/strong>.&nbsp;<\/li>\n\n\n\n<li>Set RADIUS as the Access Server authentication method. See OpenVPN\u2019s <a href=\"https:\/\/openvpn.net\/as-docs\/tutorials\/tutorial--jumpcloud-radius.html#step-3--set-radius-as-the-access-server-authentication-method\">Tutorial: Configure JumpCloud with Access Server via RADIUS<\/a> to learn more.<br><br><img decoding=\"async\" width=\"707\" height=\"907\" class=\"wp-image-111735\" style=\"width: 500px\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/06\/openvpn_radius_config.jpg\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/06\/openvpn_radius_config.jpg 707w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/06\/openvpn_radius_config-234x300.jpg 234w\" sizes=\"(max-width: 707px) 100vw, 707px\" \/> <\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">Testing OpenVPN Authentication&nbsp;<\/h2>\n\n\n\n<p>The OpenVPN Access Server provides the command line utility &#8220;authcli&#8221; to validate your JumpCloud authentication and authorization configuration.&nbsp;<\/p>\n\n\n\n<p><strong>PATH:<\/strong><kbd> \/usr\/local\/openvpn_as\/scripts\/authcli\u00a0<\/kbd><\/p>\n\n\n\n<p><strong>USAGE<\/strong>:<kbd> authcli &#8211;user JumpCloud_Username<\/kbd><br><img decoding=\"async\" width=\"1248\" height=\"428\" class=\"wp-image-111736\" style=\"width: 500px\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/06\/troubleshoot_openvpn_terminal_authcli.jpg\" alt=\"macOS terminal using the authcli commands to test OpenVPN authentication.\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/06\/troubleshoot_openvpn_terminal_authcli.jpg 1248w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/06\/troubleshoot_openvpn_terminal_authcli-300x103.jpg 300w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/06\/troubleshoot_openvpn_terminal_authcli-1024x351.jpg 1024w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/06\/troubleshoot_openvpn_terminal_authcli-768x263.jpg 768w\" sizes=\"(max-width: 1248px) 100vw, 1248px\" \/><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Troubleshooting OpenVPN Authentication and Authorization&nbsp;<\/h2>\n\n\n\n<p>For additional diagnostic information, you can enable Debug Level logging in the OpenVPN Access Server &#8216;as.conf&#8217; configuration file, restart the service and review the log messages within the default &#8220;\/var\/log\/openvpnas.log&#8221; file.<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>$ sudo echo &#8220;DEBUG_AUTH=true&#8221; &gt;&gt; \/user\/local\/openvpn_as\/etc\/as.conf&nbsp;<br>$ sudo service openvpnas restart&nbsp;<\/p>\n<\/div><\/div>\n\n\n\n<p>When troubleshooting is complete, edit the configuration file to comment out the DEBUG reference, and restart the service to return to normal operation.<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>#DEBUG_AUTH=true&nbsp;<br>$ sudo service openvpnas restart&nbsp;<\/p>\n<\/div><\/div>\n\n\n\n<p>For additional information on troubleshooting authentication and enabling debug level logging, see <a href=\"https:\/\/openvpn.net\/vpn-server-resources\/troubleshooting-authentication-related-problems\/#debugging-troubleshooting-authentication-problems\">OpenVPN Troubleshooting Authentication Related Problems (authcli)<\/a> to learn more.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>JumpCloud RADIUS gives you the power and security of RADIUS network authentication without the need for physical servers. Learn how [&hellip;]<\/p>\n","protected":false},"author":218,"featured_media":0,"template":"","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"support_category":[2845,2897],"support_tag":[],"coauthors":[3011],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.9 (Yoast SEO v22.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Configure OpenVPN Access Server to Use Cloud RADIUS<\/title>\n<meta name=\"description\" content=\"Learn how to configure OpenVPN Access Server to use JumpCloud RADIUS for user authentication.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/support\/configure-openvpn-access-server-cloud-radius\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Configure OpenVPN Access Server to Use Cloud RADIUS\" \/>\n<meta property=\"og:description\" content=\"Learn how to configure OpenVPN Access Server to use JumpCloud RADIUS for user authentication.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/support\/configure-openvpn-access-server-cloud-radius\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:modified_time\" content=\"2024-06-25T13:57:45+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/06\/openvpn_radius_config.jpg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"2 minutes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data2\" content=\"nickconrad\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/support\/configure-openvpn-access-server-cloud-radius\",\"url\":\"https:\/\/jumpcloud.com\/support\/configure-openvpn-access-server-cloud-radius\",\"name\":\"Configure OpenVPN Access Server to Use Cloud RADIUS\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/configure-openvpn-access-server-cloud-radius#primaryimage\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/configure-openvpn-access-server-cloud-radius#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/06\/openvpn_radius_config.jpg\",\"datePublished\":\"2024-06-21T16:30:18+00:00\",\"dateModified\":\"2024-06-25T13:57:45+00:00\",\"description\":\"Learn how to configure OpenVPN Access Server to use JumpCloud RADIUS for user authentication.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/configure-openvpn-access-server-cloud-radius#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/support\/configure-openvpn-access-server-cloud-radius\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/support\/configure-openvpn-access-server-cloud-radius#primaryimage\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/06\/openvpn_radius_config.jpg\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/06\/openvpn_radius_config.jpg\",\"width\":707,\"height\":907,\"caption\":\"OpenVPN Access Server configuration in Authentication > RADIUS page.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/support\/configure-openvpn-access-server-cloud-radius#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Support\",\"item\":\"https:\/\/jumpcloud.com\/support\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Configure OpenVPN Access Server to Use Cloud RADIUS\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Configure OpenVPN Access Server to Use Cloud RADIUS","description":"Learn how to configure OpenVPN Access Server to use JumpCloud RADIUS for user authentication.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/support\/configure-openvpn-access-server-cloud-radius","og_locale":"en_US","og_type":"article","og_title":"Configure OpenVPN Access Server to Use Cloud RADIUS","og_description":"Learn how to configure OpenVPN Access Server to use JumpCloud RADIUS for user authentication.","og_url":"https:\/\/jumpcloud.com\/support\/configure-openvpn-access-server-cloud-radius","og_site_name":"JumpCloud","article_modified_time":"2024-06-25T13:57:45+00:00","og_image":[{"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/06\/openvpn_radius_config.jpg"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"2 minutes","Written by":"nickconrad"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/support\/configure-openvpn-access-server-cloud-radius","url":"https:\/\/jumpcloud.com\/support\/configure-openvpn-access-server-cloud-radius","name":"Configure OpenVPN Access Server to Use Cloud RADIUS","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/jumpcloud.com\/support\/configure-openvpn-access-server-cloud-radius#primaryimage"},"image":{"@id":"https:\/\/jumpcloud.com\/support\/configure-openvpn-access-server-cloud-radius#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/06\/openvpn_radius_config.jpg","datePublished":"2024-06-21T16:30:18+00:00","dateModified":"2024-06-25T13:57:45+00:00","description":"Learn how to configure OpenVPN Access Server to use JumpCloud RADIUS for user authentication.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/support\/configure-openvpn-access-server-cloud-radius#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/support\/configure-openvpn-access-server-cloud-radius"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/support\/configure-openvpn-access-server-cloud-radius#primaryimage","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/06\/openvpn_radius_config.jpg","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/06\/openvpn_radius_config.jpg","width":707,"height":907,"caption":"OpenVPN Access Server configuration in Authentication > RADIUS page."},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/support\/configure-openvpn-access-server-cloud-radius#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Support","item":"https:\/\/jumpcloud.com\/support"},{"@type":"ListItem","position":3,"name":"Configure OpenVPN Access Server to Use Cloud RADIUS"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/111731"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/support"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/218"}],"version-history":[{"count":3,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/111731\/revisions"}],"predecessor-version":[{"id":111948,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/111731\/revisions\/111948"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=111731"}],"wp:term":[{"taxonomy":"support_category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_category?post=111731"},{"taxonomy":"support_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_tag?post=111731"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=111731"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}