Autologin only for known IP

[ecasti]

Hi all,
i'm planning to use you OpenVPN-AS on AWS for permit connection to multiple user ( developer and sysadmin ) to our Environment from internal.
Everything meet our need, and the prototipe is working, but we need this rule:
- A user can connect from known IP ( our offices ) using Autologin profile
- A user must use login/password and MFA if is trying to connect from unknown IP ( eg. from home,airport, etc ).

Is possible this kind of setup, for example starting multiple daemon on multiple port/IP and enabling Autologin only to one daemon and filtering ( using AWS firewall ) the source IP that can access to privileged demon ?

Regards,
Enrico Casti

[ecasti]

The Subject of the topic should be "Autologin only for known IP", my mistake

[skillbuilders-dave]

Did anyone answer this question?

"but we need this rule:
- A user can connect from known IP ( our offices ) using Autologin profile
- A user must use login/password and MFA if is trying to connect from unknown IP ( eg. from home,airport, etc ).
"

[novaflash]

I cannot think of any way to do that with one server, sorry. An auto-login profile implies complete trust and does not go through any authentication steps at all. It just connects. To apply additional restrictions to this type of profile is just not possible.

The only thing I can think of that can work is setting up two servers, one with auto-login profile, and then another with username+password authentication, and lock down the one that accepts auto-login connections using a firewall to only allow connections from the known trusted IP.