Universal Proxy
Prerequisites: Java 8.
We suggest using the Amazon Corretto JVM, which can be downloaded here.
  • Select “Applications” from the left side menu to open the Application Management page. Then select “Legacy & VPN” from the submenu.

  • Click on the blue “+Add Legacy App” button.

  • A pop-up window will appear. Choose your app from the Legacy app name drop-down menu or click on “Custom VPN”.

  • Please download the LDAP/RADIUS agent and click on “Save”.
  • Click on “Save”.
  • Copy the “MFA Key” by clicking on the green copy icon.

Linux Installation

LDAP

  • Execute the installer as an administrator. 
  • The service configuration screen will show up. Select the network protocol. Set a listening port. Provide a certificate in pfx format containing a public and a private key if you wish to enable secure connections. 
  • Set the “MFA Key” that you retrieved from the LastPass admin portal (Application > Legacy & VPN, copy the LastPass MFA key value and paste it here). Click “Next”.

Protocol – network protocol to be used by the service
Port – listening port
LastPass URL – Authentication URL service endpoint
MFA Key – MFA key from the legacy app
Application Name – set any value you like here if you wish to enable user authorization on the LastPass side
Certificate – provide a certificate file if you wish to enable SSL/TLS connections

  • Now select the Server Mode that best suits your needs.

LastPass: LastPass passwordless MFA authentication only
Password or LastPass: password or LastPass passwordless MFA authentication
2nd Factor Authentication: password authentication and LastPass MFA authentication

Domain – organization’s domain
Admin User – create an administrator user
Admin Password – set administrator password

If you selected Password or LastPass, or 2nd Factor Authentication, then you’ll be asked to provide your LDAP directory server parameters. 

LDAP Server – LDAP directory server name or IP address
Port – LDAP directory server port
TLS – enables secure connections to LDAP server
LDAP Admin – LDAP user with read permissions on directory users

  • Click “Next” and then the “Install” button.
  • The service will start automatically after installation. You can start, stop and check service status with the following commands:
    service lastpass-proxy start
    service lastpass-proxy stop
    service lastpass-proxy status
  • As an alternative, you can check whether the service is up and running by checking the listening port with the following command:
    netstat -atun | grep :<service_port_number>
 
RADIUS

Only PAP and CHAP modes are supported. Authorization and Accounting are not supported by the service.

  • Execute the installer as an administrator. 
  • The service configuration screen will show up. Select RADIUS as protocol. Set a listening port.

  • Set the “MFA Key” that you retrieved from the LastPass admin portal (Application > Legacy & VPN, copy the LastPass MFA key value and paste it here). 

  • Select LastPass as Server Mode. The other server modes are not supported for the RADIUS protocol.
  • Set your organization’s domain name in Domain. 
  • Set a Radius secret. 
  • Click “Next” and then the “Install” button.

  • The service will start automatically after installation. You can start, stop and check service status with the following commands:
    service lastpass-proxy start
    service lastpass-proxy stop
    service lastpass-proxy status 
  • As an alternative, you can check whether the service is up and running by checking the listening port with the following command:
    netstat -atun | grep :<service_port_number> 
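
The port check given in the LDAP and RADIUS sections, made stricter: a plain grep on :<service_port_number> also matches longer port numbers and connections to that port on other hosts. This is an added example, not LastPass code; the function name proxy_listeners and the sample netstat output are constructed for illustration, and port 1812 for RADIUS is an assumption.

```shell
#!/bin/sh
# Added example, not vendor code. Reads `netstat -atun` output on stdin and
# prints "<proto> <local address> <scope>" for sockets listening on PORT.
proxy_listeners() {
    awk -v port="$1" '
        $1 !~ /^(tcp|udp)/ { next }          # skip headers and other lines
        {
            # Local address is column 4; the port follows the last colon,
            # which also handles IPv6 forms such as :::1389.
            n = split($4, parts, ":")
            if (parts[n] != port) next       # exact match, so 13890 != 1389
            # TCP must be in LISTEN; UDP sockets (RADIUS) carry no state.
            if ($1 ~ /^tcp/ && $6 != "LISTEN") next
            scope = ($4 ~ /^(0\.0\.0\.0|::|\*):/) ? "all-interfaces" : "single-address"
            print $1, $4, scope
            found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample output (not captured from a real host).
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:1389            0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:40122          10.0.0.9:1389           ESTABLISHED
tcp6       0      0 :::13890                :::*                    LISTEN
udp        0      0 127.0.0.1:1812          0.0.0.0:*'

# A plain `grep :1389` would match three of these lines; only one is the proxy.
printf '%s\n' "$SAMPLE_NETSTAT" | proxy_listeners 1389
```

On a live host, pipe the real output in: netstat -atun | proxy_listeners 1389. A non-zero exit status means nothing is listening on that port; the scope column shows whether the proxy is reachable on every interface.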

Text Mode Installation

  • To install the proxy in text mode, execute this command as an administrator:

    Linux: 
    sudo lastpass-proxy/bin/install.sh nogui 

    Windows: 
    lastpass-proxy/bin/install.bat nogui 

The following is an example of an installation with the LDAP protocol and “Password or LastPass” (PLP) mode. Input values are highlighted in bold. Default values are shown in parentheses; to accept a default, just press Enter. A list of allowed values is shown in square brackets; in that case, you must enter one of the listed values.

  • Set the “MFA Key” that you retrieved from the LastPass admin portal (Application > Legacy & VPN, copy the LastPass MFA key value and paste it here).
  • Set an application name if you wish to enable user authorization on LastPass side. 
  • The certificate to enable the secure connections must be in pfx format and contain a public and a private key. 

Select the protocol [LDAP, RADIUS, RADSEC] LDAP 
Enter the listening port (1389)    
Enter the authentication URL (https://identity-api.lastpass.com/v2/id) 

Do you wish to enable user authorization? [y, n] y  
Enter the application name VPN Server  
Enter the LastPass MFA key 
Do you wish to enable secure connections [y, n] y   
Enter the certificate path /home/user/cert.pfx   
Overwrite bind response [y, n] (n)    
Select the server mode [LP, PLP, SFA] PLP   
Enter the organization domain client.org   
Enter the LDAP server address dc.client.org  
Enter the LDAP server port  636   
Are secure connections enabled? [y, n] y   
Enter the LDAP administrator user cn=administrator,cn=users,dc=client,dc=org 
service installed   
installation successful 
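
A pre-install check for the certificate requirement above (pfx format, containing a public and a private key), written as an added example that is not part of the LastPass installer. It assumes the openssl command-line tool is installed; the function name check_pfx and the PFX_PASS environment variable are hypothetical names chosen here.

```shell
#!/bin/sh
# Added example, not vendor code. Checks a PFX before it is handed to the
# installer. The password is read from the PFX_PASS environment variable so
# it does not appear on the command line; the extracted key stays in a shell
# variable and is never written to disk.
check_pfx() {
    pfx="$1"
    key=$(openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nocerts -nodes 2>/dev/null) || {
        echo "unreadable: wrong password or not a PKCS#12 file"; return 2; }
    case "$key" in
        *"PRIVATE KEY"*) ;;
        *) echo "no private key in PFX"; return 4 ;;
    esac
    # -clcerts selects the certificate that belongs to the key, not the chain.
    cert=$(openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nokeys -clcerts 2>/dev/null) || cert=""
    case "$cert" in
        *"BEGIN CERTIFICATE"*) ;;
        *) echo "no certificate for the key in PFX"; return 3 ;;
    esac
    # The public key in the certificate must be the one derived from the key.
    cert_pub=$(printf '%s\n' "$cert" | openssl x509 -pubkey -noout 2>/dev/null)
    key_pub=$(printf '%s\n' "$key" | openssl pkey -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] || {
        echo "private key does not match certificate"; return 5; }
    # -checkend 0 fails if the certificate has already expired.
    printf '%s\n' "$cert" | openssl x509 -checkend 0 -noout >/dev/null 2>&1 || {
        echo "certificate has expired"; return 6; }
    echo "ok"
}
```

Set PFX_PASS in the environment and run check_pfx /home/user/cert.pfx before starting the installer; any result other than "ok" means the file should be fixed first.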

Available server modes are: 

LastPass (LP) for LastPass authentication only 
Password or LastPass (PLP) for password or LastPass authentication 
2nd Factor Authentication (2FA) for LastPass authentication along with password authentication 

 

Uninstall 

Go to “Add or remove programs”, search for and select Universal Proxy, and then click the “Uninstall” button.