Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
22.7 Legacy Series
»
Openvpn OTP challenge only?
« previous
next »
Print
Pages: [
1
]
Author
Topic: Openvpn OTP challenge only? (Read 746 times)
epoch
Newbie
Posts: 35
Karma: 3
Openvpn OTP challenge only?
«
on:
September 30, 2022, 07:54:24 pm »
First off I want to say I enjoy OPNsense 22.7 on PCEngines APU2 tremendously. Thank you, all.
I have recently setup OpenVPN on a gateway (found your howto mostly fine) for the usual remote admin use-case. Works a treat.
I am now setting up another VPN instance for peer to peer collaboration between road-warriors. In this case I only rely on certificate-based authentication as I don’t really care for creating an unprivileged user in the router for each roadwarrior device.
I would have liked to be able to define in addition an OTP seed for each certificate and use it as password; akin to creating a local user with an empty password+its OTP seed, but bypassing the worrying passwordless user account aspect.
I remember having done that on Linux with the right PAM options.
I believe, requiring an OTP code is manageable even in almost batch setup (nowadays I tend to put VPN clients in containers if I can), and nicely enhances security in case of laptop theft, for example.
Do you think this makes sense? Any takers for this kind of setup besides me?
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
22.7 Legacy Series
»
Openvpn OTP challenge only?