It’s Your VPN – Use the Auth System You Want

Verify everyone and everything accessing your network.

Use local, external, TOTP, custom – even multiple – authentication systems.

Access Server makes it easy to configure authentication that meets your – and users’ – needs. Have an existing directory service? Configure support for an external authentication system.

Get unmatched flexibility and compatibility with the top authentication systems

Identity verification is critical to securing your network. With Access Server you can use the authentication system – or systems – you prefer.

Local Authentication

By default, Access Server uses local authentication and password hashes (SHA256) stored in the user properties database to verify credentials during login.

PAM Authentication

Manage PAM authentication on your server, using local user accounts in the operating system where Access Server is installed, or on a separate server reachable by Access Server.

LDAP Authentication

Use the Access Server Admin UI to provide more secure authentication for your users and one source of truth for user management through integration with LDAP authentication services.

RADIUS Authentication

Enable RADIUS authentication (PAP, CHAP, and MS-CHAP v2 supported), accounting reports, and case-sensitive matching with the toggles in the RADIUS settings section of Access Server.

SAML Authentication

When you enable SAML authentication on Access Server users get a single sign-on (SSO) experience that uses IdP credentials instead of Access Server-specific credentials.

Custom Authentication

You can write custom Python3 code, using post_auth scripts, to load into the Access Server post_auth programming hook as a supplemental or replacement authentication system.

Simultaneous Auth Systems

Access Server lets you use multiple authentication systems simultaneously, so you can define one default system and optionally configure other systems by group or user.

TOTP Multi-factor Authentication

Add another layer of security with multi-factor authentication (MFA) using time-based one-time passwords (TOTP), an industry-standard way to store a secret key on a user device.

Certificates and Private Keys

On top of user-credential authentication, Access Server also uses private keys and public certificates to verify client and server identity.

FAQs

If you have any difficulties, we have collected all of the useful materials for this product in our Knowledge Base, Video Tutorials, and documentation.

OpenVPN Access Server automatically locks out user accounts after repeated failed authentications as a security precaution. When this lockout is triggered on an account, the user receives a message like "LOCKOUT" or "user temporarily locked out due to multiple authentication failures" when trying to sign in. This prevents brute-force guessing the password by endlessly trying different passwords.

The lockout triggers when a wrong password is entered three times consecutively within 15 minutes. The lockout expires after 15 minutes. You can modify these default settings. You can also manually lift the lockout if you don't want to wait 15 minutes.

Exceptions to the lockout policy are authentications done with a user-locked connection profile and bootstrap accounts. Access Server requires authentication with valid credentials to obtain a user-locked connection profile; bootstrap accounts can only bypass the lockout policy on Access Server 2.9 and older.

To change the lockout policy from the default settings, refer to this command line documentation page regarding the lockout policy.

See what nearly 20,000 customers, hundreds of partners, and all major cloud providers already know.

Jason K. REPAY
Easy to configure options, add users, and that it has two factor authentication built in. You can configure the system to allow connections on common ports so that you're able to connect from pretty much anywhere in the world.
Johnathan B. Surry Telephone
Configuring and updating my own server is super simple. In my experience, I've always had some difficulty setting up hardware VPN appliances, but OpenVPN was no-nonsense.
Alex H. DGDean
The OpenVPN Access Server AMI is a great out of the box VPN solution for your AWS VPC...
John G. Anovys, LLC
OpenVPN offers users a very simple and secure VPN option that is both economical and quick to install. Users are able to easily install it on their client devices.
Jeremy F. Intelligent Pathways
The availability of client software for all operating systems and mobile devices means my customers can connect regardless of their setup.
Josh Wc. nexgen|packaging, LLC
Excellent, flexible solution for our Azure environment.

Ready to get started?

Sign up for free or get a demo from our team.

Sign Up Get a Demo