How to set up two-factor authentication for an OpenVPN client
This tutorial explains how to set up two-factor authentication for an OpenVPN client.
OpenVPN and Google Authenticator
A server administrator or DevOps admin can force OpenVPN clients to use Google Authenticator to add an extra layer of protection for the network/VPC. By default, multi-factor authentication is not enabled on the Access Server. To use this feature, we need to enable 2FA on the Access Server. Once it is enabled, a user has to connect to the VPN by entering a username and password as well as an authentication code.
Set up two-factor authentication for OpenVPN
If you want to install and configure an OpenVPN server, I would recommend that you read my previous article, How to setup OpenVPN server on AWS.
Enable 2FA on OpenVPN Access Server
Step 1 – Log in to your Access Server Admin Console
Log in to the VPN server using a URL like the following.
https://openvpn-server-ip-address:943/admin/
Navigate to AUTHENTICATION -> General -> Google Authenticator Multi-Factor Authentication, click Yes, and then click Save settings.
Now click Update Running Server.
Create a User Account
Step 2 – Create a VPN user on the server
Create a user account, e.g. devops-user, on the VPN server (without ticking the Auto login checkbox). Enter the password and keep the other settings as they are.
Click Save settings and then Update Running Server.
Note: You can skip this step if you already have a VPN user created without auto-login permission.
Setting up 2FA by VPN clients (end users)
Step 3 – Ask the user to log in to the OpenVPN client URL.
https://openvpn-server-ip:943/
As soon as the user logs in with their credentials, a QR code will appear.
Ask the user to install Google Authenticator on their smartphone (Android/iOS) and scan the QR code. Enter the code generated by the authenticator and click Confirm Code.
Now click Yourself (user-locked profile) to download the VPN profile.
Download the user profile and rename it to, say, openvpnclient.ovpn.
Connect to OpenVPN using two-factor authentication
For Linux Operating System
Connect to the VPN using the following command.
$ sudo openvpn --config Downloads/openvpnclient.ovpn
Enter the username, password and authentication code.
As soon as the end user enters the above details, the VPN will be connected using two-factor authentication (2FA).
For Windows Operating System
Right-click the OpenVPN client in the taskbar and click Import file.
Select the downloaded profile and click Open.
Right-click the OpenVPN client again, choose the imported profile and click Connect.
Enter the username, password and Google authentication code from your smartphone and click OK.
As soon as you click OK, your VPN will be connected.
For Mac Operating System
Drag and drop the downloaded profile into the OpenVPN client to add the VPN profile.
Now enter the username and password, followed by the authentication code.
As soon as you click OK, you will be able to connect to the VPN using 2FA.
Thanks for reading this tutorial about how to set up two-factor authentication for an OpenVPN client. If you think this article is really helpful, please support us by sharing this article with others directly or via social media.
Please also share your valuable feedback, comments, or any queries in the comment box. I will be really happy to resolve your queries.
Thank You