How to set up two-factor authentication for an OpenVPN client

This tutorial explains how to set up two-factor authentication for an OpenVPN client.

 

OpenVPN and Google Authenticator

A server administrator or DevOps admin can force OpenVPN clients to use Google Authenticator to add an extra layer of protection for the network/VPC. By default, multi-factor authentication is not enabled on the Access Server, so to use this feature we need to enable 2FA on the Access Server. Once it is enabled, a user has to connect to the VPN by entering a username and password as well as an authentication code.

 

Set up two-factor authentication for OpenVPN

If you want to install and configure an OpenVPN server, I recommend reading my previous article, How to setup OpenVPN server on AWS.

 

Enable 2FA on OpenVPN Access Server

Step 1 – Log in to your Access Server Admin Console

Log in to the VPN server using a URL like the following.

https://openvpn-server-ip-address:943/admin/

Navigate to AUTHENTICATION -> General -> Google Authenticator Multi-Factor Authentication, click on Yes and then on Save settings.

 

 

Now click on Update Running Server.

 

 

Create a User Account

Step 2 – Create a VPN User on the server

Create a user account, e.g. devops-user, on the VPN server (without ticking the Auto login checkbox). Enter the password and keep the other settings as they are.

Click on Save settings and then on Update Running Server.

Note: You can skip this step if you already have a VPN user created without auto-login permission.

 

Setting up 2FA by VPN clients (end users)

Step 3 – Ask the user to log in to the OpenVPN client URL.

https://openvpn-server-ip:943/

 

 

As soon as the user logs in with their credentials, a QR code will appear.

Ask the user to install Google Authenticator on their smartphone (Android/iOS) and scan the QR code. Enter the code generated by the authenticator and click on Confirm Code.

 

 

Now click on Yourself (User-locked profile) to download the VPN profile.

Download the user profile and rename it to, say, openvpnclient.ovpn

 

 

Connect to OpenVPN using two-factor authentication

For Linux Operating System

Connect to the VPN using the following command.

 $ sudo openvpn --config Downloads/openvpnclient.ovpn

Enter the username, password and authentication code.

As soon as the end user enters the above details, the VPN will be connected using two-factor authentication (2FA).

 

For Windows Operating System

Right-click on the OpenVPN client in the taskbar and click on Import file.

Select the downloaded profile and click on Open.

Right-click again on the OpenVPN client, choose the imported profile and click on Connect.

 

 

Enter the username, password and Google Authenticator code from your smartphone and click on OK.

As soon as you click on OK, your VPN will be connected.

 

For macOS

Drag and drop the downloaded profile to add the VPN profile to the OpenVPN client.

Now enter the username and password, followed by the authentication code.

As soon as you click on OK, you will be connected to the VPN using 2FA.

 

Thanks for reading this tutorial about how to set up two-factor authentication for an OpenVPN client. If you think this article is helpful, please support us by sharing it with others directly or via social media.

Please also share your feedback, comments or any queries in the comment box. I will be happy to resolve your queries.

Thank You
