Hi, On Mon, Jul 05, 2021 at 11:56:01AM -0400, David Mehler wrote: > Thank you for your reply. I do not have a plugin-auth-pam I've run a > find for it.Where would this be at, this would be perfect, espeecially > if I'm understanding your response right each client certificate would > then be bound to a specific username and password which would have to > be validated serverside.
You need to set up server authentication "somehow".
*How* you do this is not built into OpenVPN, as everybody's needs are
too different. OpenVPN provides a plugin interface, and the package
includes a plugin that can query PAM modules (auth-pam.so), and also
a script interface (--auth-user-pass-verify $script).
Now, depending on your specific 2FA method, PAM might be a good approach
if there is a PAM module already around. But you'll need to do some
googling and reading.
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany g...@greenie.muc.de
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
