Results 1 to 6 of 6
  1. #1
    Newbie
    Join Date
    Apr 2018
    Posts
    5

    Default Support for Multi-Factor Authentication (MFA)

    Hi all-

    Is there a way that I can have my OpenVPN configuration require MFA such as DUO, Authy, Google Authenticator etc... for a user to authenticate to the VPN? I know that there are options for a native OpenVPN linux install, but can't seem to figure out how to configure in Untangle.

    Thanks

    Chris

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    22,699

    Default

    No, you can password lock the files. Honestly I'm confused as to why you're trying. Untnagle's OpenVPN implementation is locked via certificates. You aren't guessing those, you have to steal a machine with them on it.
    f1assistance likes this.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Master Untangler
    Join Date
    May 2008
    Posts
    804

    Default

    Isn't password plus certificate two factor?
    f1assistance likes this.

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    22,699

    Default

    Quote Originally Posted by donhwyo View Post
    Isn't password plus certificate two factor?
    Technically no, two factor means two factors of authentication for a single access. A password locked certificate is two factors for two separate authentications to get access, that's not the same thing. Though for many that might be considered functionally equivalent.

    The thing is multi-factor only really applies to weak authentication mechanisms, like passwords. As soon as you step into using certificates the game changes. But for high security environments, it may not be enough.
    f1assistance, donhwyo and trboxman like this.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  5. #5
    Master Untangler
    Join Date
    May 2008
    Posts
    804

    Default

    Thanks

  6. #6
    Master Untangler f1assistance's Avatar
    Join Date
    Apr 2009
    Location
    Holly Springs, NC
    Posts
    893

    Default

    Quote Originally Posted by sky-knight View Post
    Technically no, two factor means two factors of authentication for a single access. A password locked certificate is two factors for two separate authentications to get access, that's not the same thing. Though for many that might be considered functionally equivalent.

    The thing is multi-factor only really applies to weak authentication mechanisms, like passwords. As soon as you step into using certificates the game changes. But for high security environments, it may not be enough.
    BOOM! Very, very well said and explained...you continue to set a high bar my friend. Thanks!
    Untangle...because nothing's worse than doing nothing!
    -------
    2, Pentium (R) Dual-Core CPU E5300 @ 2.60GHz 2599.968, 2089.96MB RAM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2