OpenVPN + 2FA
-
I have a client who has a local domain (Windows Server 2019) and a Netgate 4200.
On the Netgate I set up an OpenVPN server, so they can connect safely to the network when working from home.
The Netgate is connected to the domain with an LDAP connection, so the users can use the username and password to log in to the VPN connection.
All good so far.
Now they want to use a 2FA solution as an extra security option (e.g. Microsoft Authenticator app on the smartphone). To do this, do I really need to set up an NPS on a server? Or can I just activate a 2FA method on the method (maybe when I create local users on the Netgate, so without LDAP)?
And in either case, where do I find a recent tutorial?
-
Scroll down a bit?!
Stop here: "How to configure true 2FA (LDAP + Google Authenticator OTP) for OpenVPN on pfSense?".
-
@Gertjan It was an 80% good manual, and I got it working when the username is created manually in the FreeRADIUS service. But when using LDAP and FreeRADIUS, the 2FA stops working. Then you need NPS or DuoSecurity... and it is a whole different ballgame.