OpenVPN client configuration for passing MFA static challenge response

Scripts which allow the use of special authentication methods (LDAP, AD, MySQL/PostgreSQL, etc).

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
robross0606
OpenVpn Newbie
Posts: 3
Joined: Wed Jan 13, 2016 9:36 pm

OpenVPN client configuration for passing MFA static challenge response

Post by robross0606 » Tue Jan 17, 2023 3:58 pm

I have a client configuration set up on my router which has worked for a long time with typical OpenVPN authentication (certs, U/P auth, etc.). Recently the server end of this enabled mandatory multi-factor authentication (MFA) using a one-time password (OTP):

Code: Select all

static-challenge "Enter Authenticator Code" 1
I have been able to set up the OTP generator part of this so that I can access the correct OTP generated response code from an script on the same environment where the OpenVPN client is connecting. However, I cannot seem to figure out how to set up the OpenVPN client (cli) scripting on Tomato to pass this response during client authentication with the remote server. All my Google searching yields tons of articles about how to set up the server side of MFA on OpenVPN, but very little to nothing about how to pass it on the client side from the command line. All the articles seem to assume the client side will be using one of the GUI apps (Windows, MacOS, etc.) with live challenge/response. Any help or ideas here would be much appreciated!

Post Reply