Support Center

Configuring OpenVPN to use JumpCloud's RADIUS-as-a-Service

Prerequisites:
To integrate JumpCloud's RADIUS-as-a-Service with your OpenVPN solution, you will need to register your OpenVPN Access Server(s) Public IP address with your JumpCloud tenant.  See Configuring RADIUS Servers in JumpCloud for details and please note the Shared Secret for configuring your OAS Appliance as detailed below.

 
Version Details:
Configuration options were qualified using the OpenVPN Virtual Appliance v 2.6.1 via the included Admin UI and the OpenVPN Server Administration Guide.

 

Configuring OpenVPN for RADIUS Authentication

RADIUS Authentication Method:  MS-CHAP v2  
RADIUS Settings:
  • Hostname or IP Address:  IP Address  (use multiple IPs for Redundancy)
  • Shared Secret: Enter a passphrase matching your JumpCloud RADIUS Instance
  • Authentication Port: 1812 (UDP)
  • Accounting Port:  Feature Currently Not Supported

JumpCloud RADIUS Server Details

TIP:  When configuring your application or device, choose the IP(s) closest to your geographic location.
 
18.204.0.31 us1.radius.jumpcloud.com US East
54.203.27.225 us2.radius.jumpcloud.com US West
18.194.159.20 eu1.radius.jumpcloud.com EU
18.182.131.248 ap1.radius.jumpcloud.com APAC




 

Testing OpenVPN Authentication

The OpenVPN Access Server provides a command line utility "authcli" that can be used to validate your JumpCloud Directory-as-a-Service authentication and authorization configuration.  

PATH:  /usr/local/openvpn_as/scripts/authcli
USAGE:  authcli --user JumpCloud_Username


Troubleshooting OpenVPN Authentication and Authorization

For additional diagnostic information, you can enable Debug Level logging within the OpenVPN Access Server 'as.conf' configuration file, restart the service and review the verbose log messages within the default "/var/log/openvpnas.log" file.

$ sudo echo "DEBUG_AUTH=true" >> /user/local/openvpn_as/etc/as.conf
$ sudo service openvpnas restart

Once troubleshooting has been completed, edit the configuration file to comment out the DEBUG reference and restarted the service to return to normal operation.

#DEBUG_AUTH=true
$ sudo service openvpnas restart

 

OpenVPN Documentation

Please review the OpenVPN Site for complete documentation on troubleshooting authentication and enabling debug level logging.

 

 

Last Updated: Apr 08, 2019 10:39AM MDT

Related Articles
desk-forwarding@jumpcloud.com
http://assets3.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete