How is user authentication and management handled?

OpenVPN Access Server supports a number of authentication system. The default system is called LOCAL authentication and relies on a built-in database for users and passwords which can be managed through the admin web interface or through the command line interface. OpenVPN Access Server can also authenticate against an external authentication systems. It is however currently not possible to mix authentication systems. You can choose one of these 4 supported authentication systems:

  • LOCAL - the built-in local authentication system.
  • PAM - the local user accounts in the operating system that Access Server is installed in.
  • LDAP - and through this it is possible to connect to an Active Directory
  • RADIUS

The user authentication system may reside on the same server as the Access Server (as is always the case when LOCAL or PAM is chosen). Alternatively, it can reside on a separate server, as long as it is reachable by the OpenVPN Access Server.