I installed a OpenVPN Access Server today and am absolutely thrilled that it supports Two-Factor authentication.
The only thing I found during testing is that it will, while connecting to the VPN, check the password first, and the authenticator code second.
It'd be much more secure if it would check the code first, and the password second. This way, people (crooks) who will try to guess your password, will need to get the correct code first. Which, because it continually changes, is much harder, and thus way more secure.
Is this something I can configure myself? Or is this something that the OpenVPN team has to hard-code into the server?
EDIT: It would be great if the same concept could be applied to the Client Web-UI login page.
Post your feature requests for OpenVPN Access Server here.
2 posts • Page 1 of 1