OpenVPN Access Server System Administrator Guide
OpenVPN Access Server System Administrator Guide
OpenVPN Access Server System Administrator Guide
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
4.3.3 RADIUS<br />
Figure 34: RADIUS Authentication page<br />
When RADIUS is not already selected to be used to authenticate users, the Use RADIUS button<br />
selects RADIUS (instead of PAM or LDAP) for authentication.<br />
Up to five redundant RADIUS servers may be configured. For each server, the Hostname or IP<br />
Address, Shared Secret, and Authentication Port must be specified. The Accounting Port is only<br />
needed when RADIUS Accounting is enabled (see below).<br />
To authenticate users via RADIUS, the <strong>Access</strong> <strong>Server</strong> attempts to communicate with one of the<br />
configured RADIUS servers (chosen randomly). If the communication times out (after 5 seconds),<br />
the <strong>Access</strong> <strong>Server</strong> will retry the same server once more. The <strong>Access</strong> <strong>Server</strong> will attempt<br />
communication with up to three RADIUS servers in this way.<br />
Accounting information is also conveyed to the RADIUS server when the Enable RADIUS<br />
Accounting checkbox is enabled. The user's accounting information includes the time length of the<br />
user's VPN session, as well as the input and output bytecounts for the user's VPN traffic. More<br />
specifically, the supported Accounting Attributes (as prescribed by RFC2865 and RFC2866) are<br />
listed in Section 6.2.<br />
<strong>OpenVPN</strong> <strong>Access</strong> <strong>Server</strong> <strong>System</strong> <strong>Administrator</strong> <strong>Guide</strong><br />
37