OpenVPN Support Forum

Hi, our vpn is using Local authentication, is there any way to allow user update the password by themselves?

I have checked from here: https://openvpn.net/access-server-manua ... rmissions/
It seems it is possible with the setting of the CLient Web Server section, but I cant see it in on the GUI

Local Password
You can manage some password options for each user here. Enter the local password they will authenticate with when attempting to connect to the Access Server in the Password field. Below that, choose whether to allow password changes and/or enable password strength checking in the Client Web Server (CWS).

Allow password change from CWS:

Default = Inherit the group or global setting (defined in group permissions or in CWS settings).
Yes = user can change their password after logging in to the CWS.
No = user will not have an option to change their password and it must be managed by you or another administrator.

Login to Device using Admin Credentials. Navigate to Portals -> Domains -> Local Domains -> Click on Edit Configuration -> Enable Allow Password Change and Require Password change on next logon -> Click on Accept to save the configuration. Local user login will be prompted for changing the password.

Hello _Alien,

In OpenVPN Access Server, assuming you have a recent version, you can go to the Admin UI, and then to Configuration > CWS Settings. At the bottom are 2 toggles:

Allows Users to change their own password
Enforce strong passwords when changing

There is no FORCE user to change password on next login option yet.

This only works in authentication mode LOCAL where Access Server is in control of the credentials. If you use PAM, RADIUS, or LDAP, Access Server is not in control of the credentials and therefore then it won't work.

You can also set per user and per group this particular permission.

The user can login at the main web interface of Access Server where he/she can also download the OpenVPN Connect v2 or v3 software, and there will be a change password button there, if this function is enabled and the user is allowed to change his password.