English Forums > Documentation and Translation
2FA to multi factor authentication
lshantz:
Greetings. This will be my first post, so be gentle. I recently made the switch to Opnsense from PF and now need to get everything running. One of the things I'm trying to do, is multi-factor authentication. Here is where I'm getting my instructions from: https://docs.opnsense.org/manual/how-tos/sslvpn_client.html
Where I'm stuck is this line: Go to VPN ‣ OpenVPN ‣ Servers and click the pencil icon next to the server we just created to change the 2FA to multi factor authentication.
There simply is NO such place to make this change. So is there an undocumented package that needs installing? As a result the following steps don't work and a certificate is not exported. I'm so close! Any help appreciated. It is just a missing piece of the puzzle, or a change has been made to the system and this didn't get updated. ??
mimugmail:
Did you add the 2FA server in System : Access : Servers? There you can add a "Server" like local+TOTP, label it and then you select it via OpenVPN. Sometimes things are too easy to overlook :)
lshantz:
I'm not sure I understand. I DO have in that area, Free Radius Authentication, Type Radius, I have Radius 2 factor, type local+Time based one time password, and local database. The only other options I see are LDAP, LDAP+time based, and Voucher. Nothing about 2FA.
In the above instructions, the inference is there is a choice to make, which in my case there simply is no choice. Check it out for yourself and see what you see? I can do screen shots if you have that selection.
mimugmail:
You need local+TOTP, isn't it what you want? pfsense only supports 2FA via Radius, but OPN has it natively onboard :)
lshantz:
No, that is not quite correct. What you are proposing is 2 factor authentication. That works fine. What I want to do is multi authentication. That consists of a password, the TOTP server or like Google authentication, AND a certificate. If you follow the link I posted, you would see exactly what should be happening. What I'm asking is what part of the documentation is wrong and how do I get past this error, or.... what step is not documented that I'm missing. Since I can not do what it claims I should be able to do.
Navigation
[0] Message Index
[#] Next page
Go to full version