I've been told by my tech guys that, to authenticate using two-factor, each time I wish to connect to our VPN, I have to edit the password to append the 2FA token to it - is this the only way? surely there is a way of getting a 2FA challenge popup - rather than having to edit the password manually?
It's running on a Sophos UTM
2FA palaver
- openvpn_inc
- OpenVPN Inc.
- Posts: 1333
- Joined: Tue Feb 16, 2021 10:41 am
Re: 2FA palaver
Hello jayartibee,
MFA can be implemented either in a separate challenge, or by combining the MFA response with the password, and having the target authentication system splitting those up again. This is not something that OpenVPN decides. This is something that the authentication system decides. This is just the way they have decided to implement it.
Only thing I can advise you is that if you don't like this, and you would the challenge to be separate, to ask your tech guys if they can implement it that way. OpenVPN certainly supports that. It's just not been implemented this way by whatever system you're using. If this system supports doing it with a separate challenge then get them to do that. If it doesn't, well, then there's not much you can do aside from looking for another VPN server solution that does implement MFA with a separate dialog.
Kind regards,
Johan
MFA can be implemented either in a separate challenge, or by combining the MFA response with the password, and having the target authentication system splitting those up again. This is not something that OpenVPN decides. This is something that the authentication system decides. This is just the way they have decided to implement it.
Only thing I can advise you is that if you don't like this, and you would the challenge to be separate, to ask your tech guys if they can implement it that way. OpenVPN certainly supports that. It's just not been implemented this way by whatever system you're using. If this system supports doing it with a separate challenge then get them to do that. If it doesn't, well, then there's not much you can do aside from looking for another VPN server solution that does implement MFA with a separate dialog.
Kind regards,
Johan
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support