This would be a useful feature to me to use in conjunction with an always up / OpenVPN running as a service.
We have some industry and government rules we have to comply with, one of those is 2 factor authentication for anything that provides access to sensitive information or access to a network. For this reason, simple client certificate authentication running in the background will not be acceptable for compliance purposes, since that is a single factor of authentication. User VPN relying on AD credentials and a client certificate is acceptable, but requires user interaction to bring the tunnel up.
I'd like to see a way to use a domain joined machine's AD machine account as one factor of authentication, and then a client certificate as the second. Both of these could be used by a background VPN tunnel that comes up automatically without user intervention.
This is where we can discuss what we would like to see added or changed in OpenVPN.
1 post • Page 1 of 1
- OpenVpn Newbie
- Posts: 4
- Joined: Tue Aug 10, 2021 3:14 pm