Netgate Discussion Forum

    OpenVpn Second factor authentication

      tbaror

      Hello All,

      Is there any way to implement a kind of second-factor authentication with pfSense OpenVPN, like Google does, for example sending a phone PIN # or password after a successful user/password process that is valid only for that session connection?
      Please advise
      Thanks

        johnpoz LAYER 8 Global Moderator

        You mean more than 2 factor. Since if you auth the client's cert and require a password, you have 2 factor already. The client has to have the cert (something they have) and they also need the password (something they know).

        Why are people obsessed with making their lives difficult.. Is this some corp policy you're trying to meet, where the goal is to make the VPN so difficult to use that nobody actually uses it ;)

        But sure, you can set up OpenVPN on pfSense with freerad and also use an OTP; there are multiple ways to skin that cat.. Here is an older thread that goes over some of them that others have deployed.

        https://forum.pfsense.org/index.php?topic=95210.0

        I would be curious as to the actual use case; if you just want to play and see if it can be done, great.. My opinions on the matter are in that old thread as well ;)

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11
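
As an added illustration (not part of the original post, and not pfSense or FreeRADIUS code), this Python example shows the server-side check that adding an OTP to the certificate-plus-password login implies: all three factors must pass, and each code is accepted once. The function names, the stored record, and the convention that the 6-digit code is appended to the password are assumptions; the seed is the public RFC 6238 test value.

```python
import hashlib
import hmac
import struct

# Constructed enrolment record (hypothetical): salted password hash plus the
# per-user TOTP seed an authentication backend would store.
SALT = b"constructed-salt"
USER = {
    "pw_hash": hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000),
    "totp_seed": b"12345678901234567890",  # RFC 6238 test seed, not a secret
}

def totp(seed: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing unix_time."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify_login(cert_verified: bool, password_field: str, now: int,
                 used_steps: set, window: int = 1) -> bool:
    """Accept only if the cert, the static password and a fresh OTP all pass."""
    if not cert_verified or len(password_field) <= 6:
        return False
    # Assumed convention: last 6 characters are the OTP, the rest the password.
    static, otp = password_field[:-6], password_field[-6:]
    pw = hashlib.pbkdf2_hmac("sha256", static.encode(), SALT, 100_000)
    pw_ok = hmac.compare_digest(pw, USER["pw_hash"])
    matched = None
    for drift in range(-window, window + 1):  # tolerate small clock skew
        step = now // 30 + drift
        if step < 0:
            continue
        expected = totp(USER["totp_seed"], step * 30)
        if hmac.compare_digest(expected.encode(), otp.encode()):
            matched = step
    # A code is single-use: reject a time step that was already accepted.
    if not pw_ok or matched is None or matched in used_steps:
        return False
    used_steps.add(matched)
    return True
```

The `used_steps` set is what makes a captured password-plus-code useless for a second login inside the same 30-second window.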

          tbaror

          Thanks,
          I totally agree with you, but apparently that is an ISO 27001 requirement, but I succeeded in convincing the ISO adviser with your argument about second-factor authentication with a certificate.

          Thanks again, cheers

            johnpoz LAYER 8 Global Moderator

            Yeah, it's funny how some of these auditors don't actually understand what they are auditing ;) OK, MFA is a requirement, we are using MFA already.. How many factors do you want ;)

            Should we have the users submit a DNA sample every time they auth? ROFL Then you would have 3: cert they have, password they know, and their DNA, something they are..

            Glad you got it sorted.. Your users would have prob had a fit, with many a help desk call, having to add the OTP auth along with their password, etc.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.