OpenVPN with TOPT only?
Topic: OpenVPN with TOPT only? (Read 2475 times)
PotatoCarl
on: October 30, 2019, 10:02:30 am
Hi
I am trying to set up an OpenVPN server with TOTP authentication ONLY. However, it does not work. The combination TOTP+Local Database works fine. So I have to enter username+TOTP and the connection works. When I deselect "local database" and only have TOTP enabled in the OpenVPN server, it does not work anymore.
Using only the local database works fine, too.
Is there a way to use ONLY TOTP? And, preferably, disconnect after a specified time?
Thank you.
franco
Administrator
Reply #1 on: November 01, 2019, 09:25:14 am
Use the tester to confirm that TOTP is working -- it sounds like it isn't set up correctly. TOTP does not work stand-alone so you always have to have a password either locally or remotely via LDAP.
Also do not use TOTP+Local and Local both set for authentication, because it renders your TOTP useless since you can always log in using the password alone as a fallback.
Cheers,
Franco
PotatoCarl
Reply #2 on: November 06, 2019, 09:54:28 am
Dear Franco,
Yes, TOTP+password works perfectly. I just do not want that. I want, for OpenVPN and ONLY for specific servers, a pure and only TOTP authentication (e.g. with a token tool ONLY).
If you have ever tried to enter a password and then the token on a mobile phone, you will find that you are typically not fast enough.
I also have no idea if a longer TOTP would be possible, e.g. 10 digits instead of 6 (in Google authentication or so), and this to be used as a one-time password generator. That would be a pretty cool option for the passwords, I believe.
Cheers
franco
Administrator
Reply #3 on: November 06, 2019, 05:47:56 pm
At the moment there are no plans to provide a TOTP-only authentication. It makes sense as a second factor but not as a primary authentication method. Time-based authentication is problematic and it would be far better to use something like a RADIUS where you could configure safer token-only login capabilities and use it from OPNsense.
Cheers,
Franco
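An added example, not part of the thread and not OPNsense code: a small Python model of the fallback described in Reply #1 (with both "TOTP+Local" and "Local" selected, the password alone is accepted) and of the code length asked about in Reply #2, using an RFC 6238 generator with a configurable digit count. The account, the function names, the "any selected backend may accept" rule and the password-then-token field layout are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

def totp(seed: bytes, now: int, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step that contains `now`."""
    mac = hmac.new(seed, struct.pack(">Q", now // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    # value is at most 2**31 - 1 = 2147483647, so asking for 10 digits
    # yields codes whose first digit can only be 0, 1 or 2.
    return str(value % 10 ** digits).zfill(digits)

# Constructed sample account: name and password are made up; the seed is the
# RFC 6238 test key so the generated codes can be checked against the RFC.
USER = {"name": "carl", "password": "correct horse",
        "seed": b"12345678901234567890"}

def same(a: str, b: str) -> bool:
    """Constant-time string comparison."""
    return hmac.compare_digest(a.encode(), b.encode())

def local(user, credential, now):
    """Password-only backend."""
    return same(credential, user["password"])

def totp_plus_local(user, credential, now, digits=6):
    """Password and current token in one field (assumed layout: token last)."""
    password, token = credential[:-digits], credential[-digits:]
    return (same(password, user["password"])
            and same(token, totp(user["seed"], now, digits)))

def login(backends, user, credential, now):
    """Assumed server rule: one accepting backend is enough."""
    return any(backend(user, credential, now) for backend in backends)

def demo(now=59):
    """Compare the two server configurations for the same inputs."""
    with_token = USER["password"] + totp(USER["seed"], now)
    return {
        "TOTP+Local, password and token": login([totp_plus_local], USER, with_token, now),
        "TOTP+Local, password alone": login([totp_plus_local], USER, USER["password"], now),
        "TOTP+Local and Local, password alone": login([totp_plus_local, local], USER, USER["password"], now),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```
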