OpenVPN Support Forum

Hi all.

Im testing using auto-login profiles but with MFA still prompted. I followed the instructions here: https://openvpn.net/vpn-server-resource ... ntication/ (second last heading)

This then does prompt for MFA with an auto-login profile, but it never accepts the MFA, it just asks again. Note that it does not say its incorrect like it does if it actually is incorrect. Also, with a user-locked profile the MFA works fine, so I assume there's nothing wrong there.

Anyone else had this problem or can suggest anything to try?

Thanks!

What version of OpenVPN Access Server and what version of OpenVPN Connect client is being used?

Hello fizpop,

> The VPN client is a modern VPN client such as OpenVPN Connect v3.3 or better.

Are you using that or not? This is a very new feature and only works with the most up-to-date software.

Kind regards,
Johan

Ah, thanks guys. It was a long day and missed that line specifying the version. I'm on 3.2.7, will update and try again

Edit: I'm on a Mac and the latest macOS version seems to be 3.2.7. Will have to wait then!

The release notes for OpenVPN Access Server indicates under AS v2.9.2:

Added ability to require MFA for auto-login profiles - requires Connect v3.3 or recent OpenVPN 2 client

The latest stable version of Tunnelblick (currently 3.8.5a) defaults to using OpenVPN (Community Edition) 2.5.3. It doesn't get anymore recent OpenVPN 2 client than that. As an added benefit, they support both Intel and M1 (ARM) Macs.

You can find Tunnelblick here:
https://tunnelblick.net/

So, that may provide the functionality you are looking for while waiting for Connect v3.3 for Mac.

Just make sure AS is on v2.9.2 first and you may also need to re-download the latest profile after upgrading.

v3.3.x of the client for Mac was released and it is now working as it should. Thanks again!