Help Center Home > Authentication > Configure OpenVPN to use Cloud LDAP

Configure OpenVPN to use Cloud LDAP

You can configure OpenVPN to use JumpCloud's LDAP-as-a-Service, which will perform user authentication and authorization. OpenVPN is an open source connection protocol that facilitates a secure tunnel between two points in a network. It's a trusted technology used by many virtual private networks (VPNs), to ensure that data sent over the internet is encrypted and private.

Prerequisites:

See Use Cloud LDAP to obtain the JumpCloud specific settings required below.

Version Details:
Configuration options were qualified using the OpenVPN Virtual Appliance v 2.6.1 via the included Admin UI and the OpenVPN documentation for configuring LDAP authentication.

Configuring OpenVPN for LDAP Authentication and Authorization

LDAP Settings:

Primary server: ldap.jumpcloud.com

Use SSL to connect to LDAP servers: On

Credentials for Initial Bind: ‘Use these credentials’ select On
Bind DN: uid=LDAP_BINDING_USER,ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com
Password: LDAP_BINDING_USER_PASSWORD
Username Attribute: uid

(Optional) Group Setting:

You can add a requirement for LDAP group membership to control user access. To leverage LDAP Groups, see Create an LDAP Group.

Additional LDAP Requirement: memberOf=cn=GROUP_NAME,ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com

OpenVPN LDAP server configuration settings.

Testing OpenVPN Authentication and Authorization

The OpenVPN Access Server provides a command line utility "authcli" that can be used to validate your JumpCloud Directory-as-a-Service authentication and authorization configuration.  

PATH:  /usr/local/openvpn_as/scripts/authcli
USAGE:  authcli --user JumpCloud_Username

Testing OpenVPN LDAP authentication via terminal.

Troubleshooting OpenVPN Authentication and Authorization

For additional diagnostic information, you can enable Debug Level logging within the OpenVPN Access Server 'as.conf' configuration file, restart the service and review the verbose log messages within the default "/var/log/openvpnas.log" file.

$ sudo bash -c "echo "DEBUG_AUTH=true" >> /usr/local/openvpn_as/etc/as.conf
$ sudo service openvpnas restart

After you finish troubleshooting, edit the configuration file to comment out the DEBUG reference and restart the service to return to normal operation.

#DEBUG_AUTH=true
$ sudo service openvpnas restart

OpenVPN Documentation

Review the OpenVPN site for documentation on troubleshooting authentication and enabling debug level logging.

Back to Top

List IconIn this Article

Notebook IconLearn More

Use Cloud LDAP

External: OpenVPN Troubleshooting Authentication Related Problems (authcli)

External: OpenVPN Enable Verbose Authentication Debugging

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case