Use Windows Machine Account as an authentication option

Post by bp81 » Tue Feb 07, 2023 4:25 pm

This would be a useful feature to me to use in conjunction with an always up / OpenVPN running as a service.

We have some industry and government rules we have to comply with; one of those is 2-factor authentication for anything that provides access to sensitive information or access to a network. For this reason, simple client certificate authentication running in the background will not be acceptable for compliance purposes, since that is a single factor of authentication. User VPN relying on AD credentials and a client certificate is acceptable, but requires user interaction to bring the tunnel up.

I'd like to see a way to use a domain-joined machine's AD machine account as one factor of authentication, and then a client certificate as the second. Both of these could be used by a background VPN tunnel that comes up automatically without user intervention.
