On 3 December 2025 14:31:46 CET, NgTech LTD <[email protected]> wrote: >I was wondering if it's possible to use 2fa with squid? >If so, how? >The authentication of squid is based on a couple methods, but, by what I >can identify the 2fa? Is there any option to use some kind of token which >can be acquired via some external authentication service? >I am unsure if it's doable or not. >I have seen a couple VPN services which offer 2fa, but all of these have >connection based authentication. > >The only service I have seen which has a nice concept of 2fa is Defguard. >It uses Wireguard combined with psk. >The flow is that the app contacts a management service and the 2fa >authentication is done against this service. >Then this service generates the WG config PSK and pushes it to the WG >service. >The app then connects with a combination of KEY+PSK. >The detection of connection invalidation ("disconnection") is when there is >no activity after 3 minutes on the WG peer(or by disconnection in the app). >Then the PSK is automatically being revoked/changed in the peer config >which blocks it' usage. >It's not a perfect solution but it's a nice enough implementation. > >The issue with a proxy connection is that the client-to-service connection >is in plain text. >So my assumption is that if we can secure the client-to-proxy and the >generated config delivery to the client we can kind of consider it "secure >enough". > >I am wondering to myself about the available options in the proxy market. > >Thanks, >Eliezer
Check out privacyidea.org HTH /tony _______________________________________________ squid-users mailing list [email protected] https://lists.squid-cache.org/listinfo/squid-users
