
OpenVPN Login with Certificate and OTP


AndreK:
Hello together,

Can someone tell me if it's possible to use OpenVPN with a certificate and OTP token (Google Auth)?
I don't want to use usernames and passwords.

At the moment I use IPsec VPNs without OTP. Now I want to change to OpenVPN and increase the security a little bit.

In the documents I only find the way with only cert or with cert and username/pw and OTP.

Kind regards

Andre

BusinessTux:
Hi Andre,

Yes, you can. I always wanted to say that ;D.

You have to configure a TOTP-Server under System > Access > Servers.
I recommend the option "Reverse token order" for better usability.

More on https://docs.opnsense.org/manual/how-tos/two_factor.html

Then you have to "Generate new secret (160 bit)" in the user.

And last you have to use this auth server in the OpenVPN configuration.

I'm using this additionally with TLS certificates.
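
Added example, not part of the original posts and not OPNsense's own code: a Python sketch of the check a password-plus-TOTP auth server like the one described above performs on the single password field. It assumes 6-digit codes, 30-second steps, token-first as the default order and "Reverse token order" meaning password first, token last; all function names and sample values are hypothetical.

```python
import base64
import hashlib
import hmac
import secrets
import struct

DIGITS, STEP = 6, 30  # assumed authenticator-app defaults (RFC 6238)

def new_secret() -> str:
    """160-bit random secret, base32-encoded for authenticator apps."""
    return base64.b32encode(secrets.token_bytes(20)).decode()

def totp(secret_b32: str, at: float) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time `at`."""
    counter = struct.pack(">Q", int(max(at, 0)) // STEP)
    mac = hmac.new(base64.b32decode(secret_b32), counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def split_field(field: str, reverse_order: bool):
    """Split the single password field into (password, token)."""
    if len(field) < DIGITS:
        return None
    if reverse_order:                      # password first, token last
        return field[:-DIGITS], field[-DIGITS:]
    return field[DIGITS:], field[:DIGITS]  # token first, password last

def verify(field, pw_hash, salt, secret_b32, at, reverse_order=True, window=1):
    """Both factors must match; accept +/- `window` time steps of clock drift."""
    parts = split_field(field, reverse_order)
    if parts is None:
        return False
    password, token = parts
    pw_ok = hmac.compare_digest(hash_password(password, salt), pw_hash)
    tok_ok = any(
        hmac.compare_digest(token.encode(), totp(secret_b32, at + d * STEP).encode())
        for d in range(-window, window + 1)
    )
    return pw_ok and tok_ok

# Constructed sample data: RFC 6238 test key "12345678901234567890" (160 bits).
RFC_SECRET = base64.b32encode(b"12345678901234567890").decode()
SALT = b"constructed-salt"
PW_HASH = hash_password("hunter2", SALT)
```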

AndreK:

--- Quote from: BusinessTux on January 17, 2022, 10:18:34 am ---yes you can. I always wanted to say that  ;D.

--- End quote ---

I can remember hearing that phrase before. ;)

But if I choose SSL/TLS + User Auth, doesn't it ask for user and password?

I'm trying to follow this guide: https://docs.opnsense.org/manual/how-tos/sslvpn_client.html

At the point "Adding a User" I have to set a user and password. Without them I can't create a user.

Kind regards

Andre

BusinessTux:
Yes, you're right. I hadn't read that you don't want a user.

Without user and password there is no way in my opinion.

Only TOTP isn't available as access server in OPNsense.

AndreK:

--- Quote from: BusinessTux on January 18, 2022, 06:56:38 am ---Only TOTP isn't available as access server in OPNsense.

--- End quote ---

I found this:
https://www.howtoforge.com/securing-openvpn-with-a-one-time-password-otp-on-ubuntu

The question will be, will it work with OPNsense?
