On 02 Nov 02:05, Stuart Henderson wrote:
> If anyone's got any good suggestions on how to do VPNs with 2FA
> on an OpenBSD gateway for non-technical users to access (iOS, Android,
> Windows clients) I'd love to hear them.
>
> I could bodge something together with openvpn and TOTP but it doesn't
> exactly spark joy.
>
Two possible solutions come to mind.

Use OpenVPN with bsd-auth and configure login_totp from the package login_oath. So one has the client certificate plus TOTP.

Or configure L2TP/IPsec with certificates and configure npppd to use RADIUS. Then either use radiusd with bsdauth or use freeradius for MFA.

--
wq: ~uw