Adding OpenVPN Remote Access Users
At this point the VPN server is configured but there may not be any clients which can connect. The method for adding users to the VPN will depend upon the authentication method chosen when creating the OpenVPN server.
See also
More details on adding users can be found in User Management and Authentication. More information on managing user certificates can be found in User Certificates.
Local Users
To add a user that can connect to OpenVPN, create the user in the User Manager as follows:
Navigate to System > User Manager
Click Add to create a new user
Enter a Username, Password, and password confirmation
Fill in Full Name (optional)
Check Click to create a user certificate, which will open the certificate options panel
Enter the user’s name or some other pertinent information into the Descriptive Name field
Choose the same Certificate Authority used on the OpenVPN server
Choose a Key Length (may be left at the default)
Enter a Lifetime (may be left at the default)
Click Save
To view or change the user:
Navigate to System > User Manager
Click the edit icon next to the row containing the user to see/edit
To export a user’s certificate and key:
Note: This part may be skipped if using the OpenVPN Client Export Package, described in OpenVPN Client Export Package. The client export package is a much easier way to download client configurations and installation files.
Navigate to System > Cert Manager, Certificates tab
Locate the user certificate in the list
Click the corresponding icon to download the user certificate
Click the corresponding icon to download the key for the certificate
Click the corresponding icon to download a PKCS#12 bundle which includes the user certificate and key, and the CA Certificate (optional).
In most cases, the CA Certificate should also be downloaded with the user certificate. This can be done from its entry on System > Cert Manager, CAs tab, or by using the PKCS#12 bundle mentioned previously.
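After exporting, a quick check confirms that the downloaded key belongs to the downloaded certificate and that the certificate was issued by the CA chosen on the OpenVPN server. The script below is an added example, not part of the pfSense documentation; it assumes the openssl command-line tool is installed, and the file names (user.crt, user.key, ca.crt) and the function names are placeholders chosen for illustration.

```shell
#!/bin/sh
# Added example: sanity-check a user certificate, its key and the CA
# certificate after exporting them from the Cert Manager.

# check_export CERT KEY CA
# returns 0 = ok, 1 = key does not belong to the certificate,
#         2 = certificate was not issued by the CA, 3 = a file could not be parsed
check_export() {
    cert=$1; key=$2; ca=$3
    # Extract the public key from each file; identical PEM means they pair up.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 3
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 3
    [ "$cert_pub" = "$key_pub" ] || return 1
    # The certificate must chain to the CA selected on the OpenVPN server.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || return 2
    return 0
}

# Constructed sample data: a throwaway CA, a user certificate signed by it,
# and a second, unrelated CA. Prints the directory holding the files.
make_demo() {
    d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-ca" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=other-ca" \
        -keyout "$d/other.key" -out "$d/other.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-user" \
        -keyout "$d/user.key" -out "$d/user.csr" 2>/dev/null
    openssl x509 -req -in "$d/user.csr" -days 1 -CA "$d/ca.crt" \
        -CAkey "$d/ca.key" -CAcreateserial -out "$d/user.crt" 2>/dev/null
    echo "$d"
}

if [ "$#" -eq 3 ]; then   # real files: user.crt user.key ca.crt
    check_export "$1" "$2" "$3" && echo "ok" || echo "failed ($?)"
else                      # no arguments: run on the constructed data
    demo=$(make_demo)
    check_export "$demo/user.crt" "$demo/user.key" "$demo/ca.crt" \
        && echo "matching set: ok" || echo "matching set: failed ($?)"
    check_export "$demo/user.crt" "$demo/other.key" "$demo/ca.crt" \
        && echo "wrong key: ok" || echo "wrong key: failed ($?)"
    check_export "$demo/user.crt" "$demo/user.key" "$demo/other.crt" \
        && echo "wrong CA: ok" || echo "wrong CA: failed ($?)"
    rm -rf "$demo"
fi
```

Run it with the three downloaded files as arguments; with no arguments it exercises the checks against the throwaway files it generates.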
LDAP or RADIUS Users
Adding LDAP and RADIUS users will fully depend on the server implementation and management tools, which are beyond the scope of this documentation. Contact the server administrator or software vendor for assistance. Certificates for LDAP or RADIUS users cannot be created from within the firewall’s web interface in a way that reflects a user-certificate relationship. However, it is possible to create the certificates on their own using the certificate manager as described in User Certificates.