On Wed, Nov 02, 2022 at 02:05:48AM -0000, Stuart Henderson wrote:
> If anyone's got any good suggestions on how to do VPNs with 2FA
> on an OpenBSD gateway for non-technical users to access (iOS, Android,
> Windows clients) I'd love to hear them.
>
> I could bodge something together with openvpn and TOTP but it doesn't
> exactly spark joy.

We're using Let's Connect/EduVPN (https://www.letsconnect-vpn.org/) which is effectively a frontend for OpenVPN and wireguard, with client apps for every major platform. The user authenticates to the VPN server using a browser window, so you can do anything you want there, including MFA. Some minor changes were required to get it working on OpenBSD, mostly relating to EdDSA and chacha support.

