OpenVPN Connect Auth

What is it?

This term is used to configure the authentication policy that should be enforced during VPN connection attempts for the Users belonging to a specific Group. There are three types of policies that pertain to authenticating the VPN connection attempt. While all VPN connection attempts are authenticated based on the digital certificate that is part of the Profile, the “Connect Auth“ configuration determines when and whether the user is prompted for account credentials.

No – User won’t be prompted for credentials during a VPN connection attempt.

On prior auth timeout – User won’t be prompted for credentials during the next 12 hours following a successfully authenticated VPN connection.

Every time – User will be prompted for credentials on every VPN connection attempt.

Who should use this?

The administrator should set this per User Group

Why should I use this?

If stricter security needs to be employed for certain User Groups or to bypass password entry for certain User Groups

Show me how to configure it:

When should I make use of this?

Setting the Connect Auth to ‘No’ allows for a quick VPN setup without the need for the user to enter credentials. This authentication type allows for unattended operation. For example, IoT devices that operate in an unattended fashion can be put in a User Group with Connect Auth set to ‘No’.