Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Virtual private networks
»
OpenVPN Groups and MFA?
« previous
next »
Print
Pages: [
1
]
Author
Topic: OpenVPN Groups and MFA? (Read 752 times)
TitanOne1337
Newbie
Posts: 1
Karma: 0
OpenVPN Groups and MFA?
«
on:
March 12, 2024, 09:54:40 am »
Hello everyone!
I was tasked by a customer with looking into setting up a OpenVPN based solution for User VPNs, because our current implementation with a FortiGate and its SSL VPN is going up in flames (the most well optimized and structurally sound thing since my grandmother's hips). Our "old" pfSense OpenVPN setup that only still exists because of the issues with the FortiGate VPN also has to be axed because it is, in plain terms, one steaming pile of garbage. This came to be before my time, and was done in this way because the people there apparently work 28 hours a day and 12 days a week,
any
downtime has to be planned months in advance.
To be clear, as a Firewall the FortiGate is staying, but I have to find a different VPN Solution, . This solution needs to fulfill some requirements:
User Groups with granular permissions (down to specified IP and Port)
The ability to assign a User to
multiple Groups
A MFA solution that is NOT cloud-based
NO cloud in fact. For some certification that I don't remember we cannot use cloud services
Simple config management, if possible just one config for all users
Part of the task is to try OPNsense first and foremost, since pfSense doesn't provide all the things we need and the OpenVPN Access Server is quite pricey for the couple
dozen
Users we have.
If anyone could tell me if OPNsense can do what I've listed, you'd save me a wild goose chase for answers and hours of throwing spaghetti at the wall to see what sticks.
«
Last Edit: March 12, 2024, 11:26:11 am by TitanOne1337
»
Logged
bartjsmit
Hero Member
Posts: 2018
Karma: 194
Re: OpenVPN Groups and MFA?
«
Reply #1 on:
March 12, 2024, 02:05:21 pm »
Sounds a lot like RADIUS to me
Logged
trixter
Jr. Member
Posts: 76
Karma: 0
helfe, so gut ich kann
Re: OpenVPN Groups and MFA?
«
Reply #2 on:
March 20, 2024, 11:27:18 am »
In OpnSense you could use the local database or common LDAP for authentication. MFA is also build in Sense as a local service - just the openvpn clients are not realy easy with MFA - you would have to type in password + MFA in the passwords column.
Logged
VMW / PMX / PFS / OPS
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Virtual private networks
»
OpenVPN Groups and MFA?