OpenVPN AS with Duo Security

Business solution to host your own OpenVPN server with web management interface and bundled clients.
Post Reply
npohl82
OpenVpn Newbie
Posts: 1
Joined: Wed Feb 11, 2015 1:20 am

OpenVPN AS with Duo Security

Post by npohl82 » Wed Feb 11, 2015 1:26 am

Hello everyone, I'm new to the forums and to Open VPN. I have successfully configured an OpenVPN AS on my instance of CentOS 6.6 and it's been working great! However, I'd like to add an additional layer of authentiction and I was considering Duo Security.

I attempted to setup a Duo Security integration with OpenVPN AS, but was unsuccessful. Per the instructions below it seems relatively simple. I setup an integration, which includes a integration key, security key and an api-hostname. I included those in the python script and ran the commands below, substituting the "admin_user" with an administrative user on my instance of openVPN AS.

When I attempt to authenticate, it does so successfully, but it does not prompt me for my Duo Security authentiction as I would expect. I ran the following commands after incorporating the script provided by duo security. Has anyone ever set this up that can offer some insight into any custom configuration that I may be missing on the OpenVPN end?

/usr/local/openvpn_as/scripts/sacli -a admin_username -k auth.module.post_auth_script --value_file=/usr/local/openvpn_as/scripts/duo_openvpn_as.py ConfigPut

/usr/local/openvpn_as/scripts/sacli -a admin_username Reset

Link to documentation:
https://www.duosecurity.com/docs/openvp ... curity.com

khenry
OpenVpn Newbie
Posts: 1
Joined: Thu Apr 18, 2019 2:58 am

Re: OpenVPN AS with Duo Security

Post by khenry » Thu Apr 18, 2019 3:03 am

Did you ever find a solution to this?

fusion_cdixon
OpenVpn Newbie
Posts: 1
Joined: Thu May 14, 2020 11:26 am

Re: OpenVPN AS with Duo Security

Post by fusion_cdixon » Thu May 14, 2020 11:28 am

For anyone coming here in hope of an answer....I had this issue too, in my case the solution was that openvpnAS automatically allows the "openvpn" user to login without checking the 2nd factor. If you create another user to test with then this seems to work fine with Duo

Post Reply