Re: 2FA VPNs

2022-11-08 Thread Stuart Henderson
On 2022-11-02, Stuart Henderson wrote: > If anyone's got any good suggestions on how to do VPNs with 2FA > on an OpenBSD gateway for non-technical users to access (iOS, Android, > Windows clients) I'd love to hear them. > > I could bodge something together with openvpn and TOTP but it doesn't >

Re: 2FA VPNs

2022-11-02 Thread Zack Newman
If anyone's got any good suggestions on how to do VPNs with 2FA on an OpenBSD gateway for non-technical users to access (iOS, Android, Windows clients) I'd love to hear them. I could bodge something together with openvpn and TOTP but it doesn't exactly spark joy. Ideally the VPN server would

Re: 2FA VPNs

2022-11-02 Thread Uwe Werler
On 02 Nov 02:05, Stuart Henderson wrote: > If anyone's got any good suggestions on how to do VPNs with 2FA > on an OpenBSD gateway for non-technical users to access (iOS, Android, > Windows clients) I'd love to hear them. > > I could bodge something together with openvpn and TOTP but it doesn't >

Re: 2FA VPNs

2022-11-02 Thread Janne Johansson
Perhaps have authpf add clients to a PF table which allows them to vpn in? The ssh part could have all kinds of S/Key and certificate additions if need be. Or have people wireguard into the bastion host first, then use authpf to be let further into the network, since wg is far more silent when it

Re: 2FA VPNs

2022-11-01 Thread Jonathan Matthew
On Wed, Nov 02, 2022 at 02:05:48AM -, Stuart Henderson wrote: > If anyone's got any good suggestions on how to do VPNs with 2FA > on an OpenBSD gateway for non-technical users to access (iOS, Android, > Windows clients) I'd love to hear them. > > I could bodge something together with openvpn

Re: 2FA VPNs

2022-11-01 Thread Tom Smyth
Hi Stuart, some of the commercial systems we have used use Radius as the Authentication Mechanisim... One could do a rudimentary OTP password system using Radius ... some OTP systems allow for Caching a series of One Time passowrds circa 100 passwords... so it could be fesible to have 100

2FA VPNs

2022-11-01 Thread Stuart Henderson
If anyone's got any good suggestions on how to do VPNs with 2FA on an OpenBSD gateway for non-technical users to access (iOS, Android, Windows clients) I'd love to hear them. I could bodge something together with openvpn and TOTP but it doesn't exactly spark joy.