lagman
commented
5 years ago You mean instead of passwords?
Open NathanZhang217 opened 5 years ago
lagman
commented
5 years ago You mean instead of passwords?
NathanZhang217
commented
5 years ago You mean instead of passwords?
Not instead password. If possible, I'd like to use both password and key file, some kind of two factors authentication. Thanks.
lagman
commented
5 years ago see if this option on openvpn does what you need. verify-client-cert
by default in this project is set to none.
it takes three options:
Take a loot at this, and see if it does what you want
NathanZhang217
commented
5 years ago Thanks for the answer. Yes, by requiring verify-client-cert, I can have two factor auth of OpenVPN. After this, I still need the OpenVPN-Admin to generate and sign the key for each user. And make the key downloadable with the config files. I guess there's some PHP scripting work to do. Any help with this part?
lagman
commented
5 years ago https://github.com/Nyr/openvpn-install take a look at this script, and see how it creates a certificate, and after the cert is created using this commit https://github.com/lagman/OpenVPN-Admin/commit/0ebe5b52ea3654f9f7632172d594e01daca00a0b see how it can be added to the script
I'm planing to generate individual key file for each user by OpenVPN-Admin. Then all users will use key files to connect to OpenVPN. Any suggestion or sample of config file? Thanks.