Windows Client and MFA

Official client software for OpenVPN Access Server and OpenVPN Cloud.
Post Reply
rhouston
OpenVpn Newbie
Posts: 1
Joined: Mon Oct 11, 2021 4:03 pm

Windows Client and MFA

Post by rhouston » Mon Oct 11, 2021 4:25 pm

Hello all,

Sorry if this has been asked and answered.

I have a need to get MFA to work with OpenVPN based on PFSense.

I have a flawless OpenVPN solution for our 40 users and ptp to our DR sire. It never fails. OpenVPN is rock solid and has been for years. Life saver during Covid. Hats off to the team!!

We now have need to add MFS to meet a cyber insurance requirement, good to have anyways.

Here is what I have so far.

1: Working OpenVPN setup with TLSauth
2: Have added radius auth which we are pointing at Ping Federate bridge server in our environment.
3: I have configured the OpenVPN Windows clients to client-auth-password (not sure how else to kick stat the radius auth with out it)

The client pops up the UID and pass prompt.

Is there a way to prompt the RADIUS server for the MFA without prompting for UID and pass?

I have setup the RADUIS sever for UID and password auth as well, many other issues there, but if I can use TLSAuth and the second factor via Ping Identity and not have to deal with UID and pass as well would be great.

So in sort I am asking if there is a way to require the MFA from the PingFederate server with out having to prompt for UID and pass as well.
We have tested MFS from an external client to the PingFederate server and it works fine. The user get a push request to there phone and once you authenticate, bio metric in my case, the radius server returns authentication success to the radius server.

Hope this all makes sense.

Thanks everyone and any help is very much appreciated.

Post Reply