I have a question regarding OpenVPN Multifactor-Authentication with RSA SecurID and the Challenge/Response-Protocol.
I'm already searching a few days now to get the problem solved, I hope someone here can help me.
We are using OpenVPN Community Edition and have a own prorgrammed OpenVPN-GUI.
The problem is, that we must support different token-methods (OTP + Push-Token) provided by RSA SecurID, and I'm not sure if this is possible to implement this in OpenVPN.
Here is the process the authentication should work:
- User inputs Username + Password
- OpenVPN-Server initiates authentication with RSA SecurID PAM-Module
- RSA want's to know authentication-method (Which Token to use?) from OpenVPN-User => User should get window where he can decide
- 2 cases:
- OTP: User has to input OTP-Value in OpenVPNClient
- Push-Token: User gets notification on Smartphone
- OpenVPN-Server gets login-status from RSA SecurID
Also I don't know if such a complex login-procedure can be done via OpenVPN.
Does anyone have an idea how to get this working this way?