On 24/3/25 08:30, Jeffrey Walton wrote:
> My question is, does strongSwan or OpenVPN allow on-demand VPN over SSH with credential prompts? That is, I want to SSH into the router, then manually enter username, password and MFA code when I start the VPN. I believe I can use charon-cmd for the {username, password} prompt, but I am less clear on the MFA challenge that follows.
You could use MFA on the SSH connection and then use certificates to establish the VPN connection?
In my SSH MFA setup, clients must connect using a certificate, then they must enter a password, and then they must complete a Google Authenticator challenge.
It is possible to configure OpenVPN with MFA such as Google Authenticator, but other mechanisms are possible.