Access Server MFA Audit

Business solution to host your own OpenVPN server with web management interface and bundled clients.
Post Reply
PQuintela
OpenVpn Newbie
Posts: 1
Joined: Wed Aug 04, 2021 4:27 pm

Access Server MFA Audit

Post by PQuintela » Wed Aug 04, 2021 4:31 pm

Hi, I recently deployed Google Authenticator on my Access Server installs and aside from a few hiccups it's been working great. One of those hiccups however was that users with old profiles are able to bypass the Authenticator requirements. Is there a way for me to see if users have an Authenticator tied to their account within either the web interface or the CLI? I'd like to give users who don't have one tied to their accounts a gentle shove in the right direction

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 312
Joined: Tue Feb 16, 2021 10:41 am

Re: Access Server MFA Audit

Post by openvpn_inc » Wed Aug 04, 2021 4:50 pm

Hello PQuintela,

A 2FA bypass is a really serious thing. But I don't think that's what's actually happening here.

Can you verify that you are NOT using the 'openvpn' bootstrap account,
and that you have enabled Google Authenticator,
and that you restarted your Access Server(s) so the new setting is applied,
and that the 'old accounts' are not using autologin type profiles?

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

Post Reply