Clients authenticating to the IP Access OpenVPN server are authenticated using two factors:
- A certificate unique to a node
- A username/password unique to a user
Generating a Client Configuration file creates a unique client certificate which is embedded into the downloaded .ovpn file. Conversely, deleting a Client Configuration revokes its certificate, causing authentication to fail for any clients that have previously imported the deleted configuration.
During VPN connection, the client is prompted to enter a username and password. These credentials are the same as those used to login to the Lighthouse web UI or CLI. For authentication to succeed, the user account must be one of:
- Lighthouse Administrator role, or root
- Node Administrator role with access to the node you are connecting through
- Node User role with access to the node you are connecting through