How To Manage Users in the OpenVPN Access Server

In this guide we will show you how to manage your users in your OpenVPN Access Server. In the User Permission page under the User Management panel, you can set different settings like password, IP address, MFA for each user. 

Creating the user

To create a new user, enter it’s username in the username field(1), then click on the notepad icon and enter the password in the field next to Password(8). You can configure additional settings, which can be seen by clicking on the notepad next to the new user. To save the user, scroll down and click on “Save settings” to create it.

Deleting the user

If you want to delete a user, check the Delete box(5) next to the user you want to delete. Then click on “Save settings” to delete it.

Blocking a user’s access to the VPN

To block a user’s access to the VPN, check the Deny Access box(4) next to the user you want to delete. Then click on “Save settings” to delete it.

Allowing passwordless login for a user

Mostly used for automated machines and servers. When you allow a passwordless login for a user, that user can establish a VPN connection to your BGOcloud OpenVPN server using only his certificate. To allow a passwordless login check the Allow Auto-login box(3) next to the user you’ll be allowing it to. Then click on “Save Settings” to apply.

Making the user an admin

To make the user an admin, check the Admin box(2) next to the user you want. Then click on “Save settings” to apply.

Additional settings

When you create a new user, it applies the default settings set in the Configuration and Authentication menus. These are mostly used when you want to specify some settings for some users. Here are the most used ones:

Configure user authentication method(6)

This is used mostly when you set an external authentication method (e.g. LDAP, RADIUS) to allow login with an Active Directory credentials for example. Some options are grayed out until you set up the authentication server in your OpenVPN Access Server.

TOTP-based Multi-Factor Authentication(7)

This is used for enabling MFA for the user. To see how it works, you can check this tutorial:
https://www.bgocloud.com/knowledgebase/84/openvpn-access-server-setting-up-multifactor-authentication.html
Please note that you need to reimport your ovpn profile if you have downloaded it while you had MFA enabled.

Local Password(8)

These are the settings for setting up the password when you authenticate using the OpenVPN Access Server.

Password: Enter the new password here if you need to change it.
Allow password change from CWS: Setting it to NO will disable the user’s ability to change the password from the Client Portal. Only Admins can change the password.
Enable password strength checking in CWS: Setting it to NO will allow the use of weak passwords when changing it.

IP addressing(9)

Here you can set a static IP address for the client. Click on “Use Static” and set an IP address of your choice. Make sure it doesn’t overlap with other assigned IP addresses. If It’s left on “Use Dynamic”, it will take a random address from the configured pool.

After each configuration, don't forget to update the running server.


Take a look at our fast and secure OpenVPN Hosting and choose the appropriate plan for your needs.