OpenVPN Multifactor-Authentication / Challenge Response

How to customize and extend your OpenVPN installation.
Post Reply
OpenVpn Newbie
Posts: 1
Joined: Thu Aug 01, 2019 12:13 pm

OpenVPN Multifactor-Authentication / Challenge Response

Post by hoize » Thu Aug 01, 2019 12:38 pm


I have a question regarding OpenVPN Multifactor-Authentication with RSA SecurID and the Challenge/Response-Protocol.
I'm already searching a few days now to get the problem solved, I hope someone here can help me.
We are using OpenVPN Community Edition and have a own prorgrammed OpenVPN-GUI.
The problem is, that we must support different token-methods (OTP + Push-Token) provided by RSA SecurID, and I'm not sure if this is possible to implement this in OpenVPN.
Here is the process the authentication should work:
  1. User inputs Username + Password
  2. OpenVPN-Server initiates authentication with RSA SecurID PAM-Module
  3. RSA want's to know authentication-method (Which Token to use?) from OpenVPN-User => User should get window where he can decide
  4. 2 cases:
    • OTP: User has to input OTP-Value in OpenVPNClient
    • Push-Token: User gets notification on Smartphone
  5. OpenVPN-Server gets login-status from RSA SecurID
I think I have to configure this via dynamic-challenge/response, but I can't find any documentation or user-description to this.
Also I don't know if such a complex login-procedure can be done via OpenVPN.
Does anyone have an idea how to get this working this way?



Post Reply