Netgate Discussion Forum

    How to configure true 2FA (LDAP + Google Authenticator OTP) for OpenVPN on pfSense?

      SpiKe69

      Hi,
      I have a VPN implemented with OpenVPN on pfSense, and I would like to configure VPN access credentials to use two-factor authentication (2FA) combining LDAP (via FreeRADIUS-LDAP) for username/password and OTP via Google Authenticator.
      Currently, I can successfully authenticate using either FreeRADIUS-LDAP or Google OTP separately, but I’m unable to enable both in the same authentication session to achieve true 2FA.
      Is it possible to configure pfSense so that OpenVPN requires LDAP credentials and an OTP code during the same login process?
      If so, could you provide guidance, best practices, or documentation on how to set this up?
      Thank you in advance!

        Gertjan @SpiKe69

        @SpiKe69

        Throw this in Google:

        [image]

        and you get this back: FreeRadius on pfSense software for Two Factor Authentication.

        LDAP is also mentioned : "How to integrate FreeRadius with LDAP on pfSense?"

        No "help me" PM's please. Use the forum, the community will thank you.

          SpiKe69 @Gertjan

          @Gertjan
          I know the guides and they work, but separately. I would like the same user, when connecting with OpenVPN, to first authenticate with LDAP and then immediately afterward with Google Authenticator: Prompt 1 = LDAP, Prompt 2 = Google OTP. Following the guides, in fact, either one or the other method works, but not both simultaneously in the same authentication session.

          Copyright 2026 Rubicon Communications LLC (Netgate). All rights reserved.