Configure an OpenVPN Authentication Group and User
If username and password authentication is used for the OpenVPN server, you must create an OpenVPN authentication group and user.
See Configure an OpenVPN server for information about configuring an OpenVPN server to use username and password authentication. See IX40 user authentication for more information about creating authentication groups and users.
Web
- Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights.
- Access the device configuration:
Local Web UI:- On the menu, click System. Under Configuration, click Device Configuration.
The Configuration window is displayed.
- Add an OpenVPN authentication group:
- Click Authentication > Groups.
- For Add Group, type a name for the group (for example, OpenVPN_Group) and click .
The new authentication group configuration is displayed.
- Click OpenVPN access to enable OpenVPN access rights for users of this group.
- Click to expand the OpenVPN node.
- Click to add a tunnel.
- For Tunnel, select an OpenVPN tunnel to which users of this group will have access.
- Repeat to add additional OpenVPN tunnels.
- Add an OpenVPN authentication user:
- Click Authentication > Users.
- For Add, type a name for the user (for example, OpenVPN_User) and click .
- Type a password for the user.
This password is used for local authentication of the user. You can also configure the user to use RADIUS or TACACS+ authentication by configuring authentication methods. See User authentication methods for information.
- Click to expand the Groups node.
- Click to add a group to the user.
- Select a Group with OpenVPN access enabled.
- Click Apply to save the configuration and apply the change.
Command line
- Select the device in Remote Manager and click Actions > Open Console, or log into the IX40 local command line as a user with full Admin access rights.
Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
- At the command line, type config to enter configuration mode:
> config
(config)>
- Use the add auth group command to add a new authentication. For example, to add a group named OpenVPN_Group:
(config)> add auth group OpenVPN_Group
(config auth group OpenVPN_Group)>
- Enable OpenVPN access rights for users of this group:
(config auth group OpenVPN_Group)> acl openvpn enable true
- Add an OpenVPN tunnel to which users of this group will have access:
- Determine available tunnels:
(config auth group OpenVPN_Group)> .. .. .. vpn openvpn server ?
Servers: A list of openvpn servers
Additional Configuration
-------------------------------------------------------------------------------
OpenVPN_server1 OpenVPN server
(config auth group OpenVPN_Group)>
- Add a tunnel:
(config auth group OpenVPN_Group)> add auth group test acl openvpn tunnels end /vpn/openvpn/server/OpenVPN_server1
(config auth group OpenVPN_Group)>
- Save the configuration and apply the change.
(config)> save
Configuration saved.
>
- Type exit to exit the Admin CLI.
Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device.
PDF
