Use Windows Machine Account as an authentication option

This is where we can discuss what we would like to see added or changed in OpenVPN.

Moderators: TinCanTech

bp81
OpenVpn Newbie
Posts: 4
Joined: Tue Aug 10, 2021 3:14 pm

Use Windows Machine Account as an authentication option

Post by bp81 » Tue Feb 07, 2023 4:25 pm

This would be a useful feature to me to use in conjunction with an always up / OpenVPN running as a service.

We have some industry and government rules we have to comply with; one of those is 2-factor authentication for anything that provides access to sensitive information or access to a network. For this reason, simple client certificate authentication running in the background will not be acceptable for compliance purposes, since that is a single factor of authentication. User VPN relying on AD credentials and a client certificate is acceptable, but requires user interaction to bring the tunnel up.

I'd like to see a way to use a domain-joined machine's AD machine account as one factor of authentication, and then a client certificate as the second. Both of these could be used by a background VPN tunnel that comes up automatically without user intervention.
