On 05/07/2021 18:39, Gert Doering wrote:
Hi,
On Mon, Jul 05, 2021 at 11:56:01AM -0400, David Mehler wrote:
Thank you for your reply. I do not have a plugin-auth-pam I've run a
find for it.Where would this be at, this would be perfect, espeecially
if I'm understanding your response right each client certificate would
then be bound to a specific username and password which would have to
be validated serverside.
You need to set up server authentication "somehow".
*How* you do this is not built into OpenVPN, as everybody's needs are
too different. OpenVPN provides a plugin interface, and the package
includes a plugin that can query PAM modules (auth-pam.so), and also
a script interface (--auth-user-pass-verify $script).
Now, depending on your specific 2FA method, PAM might be a good approach
if there is a PAM module already around. But you'll need to do some
googling and reading.
Gert is right, there are no community "out-of-the-box" solutions for
this on the server side.
If you feel doing it yourself takes too much efforts, you may consider
the commercial OpenVPN Access Server [1] or OpenVPN Cloud [2] offerings
as an alternative to a DIY approach.
[1] <https://openvpn.net/access-server/>
[2] <https://openvpn.net/cloud-vpn/>
--
kind regards,
David Sommerseth
OpenVPN Inc
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
