0

I have site-to-site tunnel configuration set up on a Linux router which has worked for several years with typical OpenVPN authentication (certs, U/P auth, etc.). In this setup, my Linux router is the client side of the site-to-site tunnel. Recently the server end of this enabled mandatory multi-factor authentication (MFA) using a one-time password (OTP):

static-challenge "Enter Authenticator Code" 1

I have been able to set up the OTP generator part of this so that I can access the correct OTP generated response code from a script. However, I cannot seem to figure out how to set up the OpenVPN client (cli) automated scripting to pass this response during client authentication with the remote server. All my searching yields many articles and threads about how to set up the server side of MFA on OpenVPN, but very little to nothing about how to pass it on the client side from the command line. All the articles seem to assume the client side will be using one of the GUI apps (Windows, MacOS, etc.) with live challenge/response. Any help or ideas here would be much appreciated!

robross0606
  • 101
  • Multifactor authentication such as this is 99.999% intended for interactive use cases. Those that aren't use hardware HSM modules and a truckload of OS and application code. That's why there isn't much information available. For example, both AWS and Azure have HSM solutions. Of course that doesn't mean that something can't be cobbled together. That is known as "wish it were Multifactor". – Greg Askew Mar 13 '23 at 13:53

0 Answers0