Hi, neither OPNSense, pfSense nor windows/mac/linux clients can use 2FA for Wireguard because the service lucks of such "complicated feature"... which is sadly because OpenVPN limits clients traffic to usually around 16 MBit .
But there is a nice projected with a "2fa login page" which looks interesting and possible to implement as plugin for OPNsense:
https://github.com/NHAS/wag
Iit's iptables based but it shouldn't be too problematic to adopt such code for pf firewall rules for people which knows what to do?
Bests
Reiner
You can use the captive Portal for this :)
With UDP as transport and some tweaks also 90Mbit will be possible with Openvpn
If you need even more performance use IPsec. I get 600mbit/s with my roadwarrior setups. (Wifi 6 Mu-Mimo 2x2 on Windows Laptops) and 300mbit/s on Android (Wifi 6 Mu-Mimo 1x1)
Since OPNsense was not main task delayed answer
We are using IPSec for our "business" connection to other office without problems.
OpenVPN is used for our employees and only graphic department has as usual "performance problems" with their huge files ^^
Idea was to give a common project hint for Wireshark to improve speed/security for (home) users/admins with less experience within an easy setup.
It seems the last years that OpenVPN was "tuned" by default so 1-2 years ago we could fill up a German VDSL line bandwith of 100 MBits without problems but I am not sure if this is commonly possible.
While checking out some other OpenVPN tasks (this nice and very very unintuitive new "Connection GUI" ... which is clear when finally found to setup but behaves complete different than the old configuration templates) I found in this forum discussions about "loadbalanced OpenVPN servers" like in
https://openvpn.net/community-resources/implementing-a-load-balancing-failover-configuration/
given and also a maybe interesting OpenVPN loadbalancing tool/idea "AirVPN" and also a nice howto for a three-WAN loadbalanced IP tunnel :
https://nguvu.org/pfsense/pfsense-multi-vpn-wan/
Have you checked Defguard: https://defguard.net/
The also have a OPNsense plugin: https://defguard.gitbook.io/defguard/admin-and-features/setting-up-your-instance/gateway#opnsense-plugin
Does anyone know the responsible company of Defguard: https://teonite.com/about
Very Interesting Plug-In/Project. Have someone experience with it?
I can not find out how to configure it. Where to become the Defguard Token? And so further. I can not find in the Documentation how to do it in context of OPNSesne.