Closed dcpexta closed 1 year ago
In the actual openvpn client is very complicated if you have a VPN connection that require Two-factor authentication. For make it working you need to:
type the password add a space type the temporary code generated
That's the not the way to use 2FA.
If you have static-challenge in the config GUI will prompt for username, password and response with separate boxes for each.
If you use dynamic challenge pushed from the server using legacy challenge-response protocol or new cr-text / webauth protocol, the GUI will prompt for that as well.
So what is it that is not working?
Checked with our system administrator. We use the OpenVPN client 2.6 because we use the TAP mode. So probably is the 2.x that not support the 2FA.
OpenVPN-GUI with OpenVPN 2.5 and 2.6 (latest is 2.6.2) supports 2FA/MFA protocols in OpenVPN as described above. Your server administrator has to set up proper verify infrasturcture on the server-side, and add static-challenge (if using) to the client config file distributed to users, instead of asking users to type password and OTP as space separated string.
If you or your administrator needs help with setting this up correctly, asking on the forum, user mailing list or IRC would be the best approach.
Ok thanks. Could be that the problem is concerning how endian have implement it. We need to check.
In the actual openvpn client is very complicated if you have a VPN connection that require Two-factor authentication. For make it working you need to:
have a textbox where enter the temporary code generated if enabled could be very helpfull.
Thanks