Hello,
I know OpenVPN officially supports smart cards as a 2FA solution. I would be happy (and not only me, for sure) to have Google Authenticator as two-factor authentication.
I read somewhere it can be done if the client is Linux, courtesy of PAM, but the problem is Windows clients. I can't find any Windows VPN client which can use OpenVPN as a server (this is ok), user & pass authentication (Access Server with LDAP, that's also ok), but I am not able to find a solution for Google Authenticator, or just any verification code input box (like an RSA hardware token).
If someone knows how to set up those parameters using the shell, or a modified .conf file, that would be great. This is needed since we have to be compliant.
Thank you,
Stan
OpenVPN with Google authenticator like 2FA (windows client)
Moderators: TinCanTech
-
- OpenVpn Newbie
- Posts: 3
- Joined: Tue Nov 29, 2011 8:55 am
- Mimiko
- Forum Team
- Posts: 1564
- Joined: Wed Sep 22, 2010 3:18 am
Re: OpenVPN with Google authenticator like 2FA (windows clie
Google Authenticator uses 2-step verification: your user name and password from the Google account and a code. Which is already done in OpenVPN: user name and keys. It will be insecure for users to use their usernames from the Google account to authenticate to the OpenVPN server, as the OpenVPN server administrator can get those usernames and codes and access the Google account.
-
- OpenVpn Newbie
- Posts: 3
- Joined: Tue Nov 29, 2011 8:55 am
Re: OpenVPN with Google authenticator like 2FA (windows clie
Hello Mimiko,
thank you for your reply; Google Authenticator can be used for Google account verification, but this is JUST ONE example. For example, I have been using GA for ssh 2FA, which doesn't bind to any Google account at all. As I said, we will use Access Server for LDAP -> AD to get user names and passwords.
So, Google Authenticator as a free app for smartphones looks like an ideal alternative to hardware tokens. That's the whole story.
Fortunately, I got a reply from one commercial OpenVPN client vendor's support (there are just a few of them on planet Earth, which is a bit of a surprise), so I'll try to follow their instructions; furthermore, they are also keen to find out whether it will indeed work.
Best regards,
Stan
-
- OpenVpn Newbie
- Posts: 3
- Joined: Tue Nov 29, 2011 8:55 am
[Resolved] OpenVPN with Google authenticator 2FA (win client
It's finally done.
All credits to this guy:
http://code.google.com/p/google-authent ... tail?id=39
You have to use hg to get the source code, then apply the patches and finally run make, make install.
You need to add just two lines in the PAM configuration file.
On the client side, in the password field, just type the user password + Google digit code (immediately following it).
BR
Stan
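Added example, not part of the original posts and not the code of the patch linked above: a sketch of how a server-side check can handle the single password field described in the post, splitting off the trailing 6-digit code and verifying it as an RFC 6238 TOTP with Google Authenticator's defaults (HMAC-SHA1, 30-second step). The function names, the `expected_password` comparison (standing in for the LDAP/PAM password check) and the sample secret are assumptions made for illustration.

```python
import base64, hashlib, hmac, struct, time

DIGITS = 6   # Google Authenticator default code length
STEP = 30    # seconds per TOTP time step (RFC 6238 default)

def totp(secret_b32, for_time, digits=DIGITS):
    """RFC 6238 TOTP (HMAC-SHA1) for a base32 secret at a Unix time."""
    key = base64.b32decode(secret_b32.upper())
    counter = struct.pack(">Q", int(for_time) // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def split_credential(field):
    """Split 'password' + 6-digit code; return (password, code) or None."""
    if len(field) <= DIGITS:
        return None                              # no room for a password
    password, code = field[:-DIGITS], field[-DIGITS:]
    if not (code.isascii() and code.isdigit()):
        return None                              # code was not appended
    return password, code

def verify(field, expected_password, secret_b32, now=None, window=1):
    """Check both factors; window = accepted clock drift in time steps.

    expected_password is a hypothetical stand-in for the real password
    backend (LDAP/PAM in the thread).
    """
    now = time.time() if now is None else now
    parts = split_credential(field)
    if parts is None:
        return False
    password, code = parts
    pw_ok = hmac.compare_digest(password.encode(), expected_password.encode())
    code_ok = False
    for drift in range(-window, window + 1):     # tolerate small clock skew
        candidate = totp(secret_b32, now + drift * STEP)
        code_ok |= hmac.compare_digest(candidate, code)
    return pw_ok and code_ok                     # both factors must pass

# Constructed sample: base32 of the RFC 6238 test key "12345678901234567890"
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
```

A deployed verifier would also record the last accepted time step per user so that a code cannot be reused inside its validity window.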
- Mimiko
- Forum Team
- Posts: 1564
- Joined: Wed Sep 22, 2010 3:18 am
Re: OpenVPN with Google authenticator like 2FA (windows clie
Move to Authentication Scripts