Feature #13293

open

Option to set auth-gen-token in OpenVPN GUI

Added by Marcos M about 2 months ago. Updated about 1 month ago.

Status: New
Priority: Normal
Assignee: -
Category: OpenVPN
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default

Description

This option is useful to avoid having to frequently manually re-authenticate when using MFA.

--auth-gen-token [lifetime]
After successful user/password authentication, the OpenVPN server will with this option generate a temporary authentication token and push that to the client. On the following renegotiations, the OpenVPN client will pass this token instead of the user's password. On the server side the server will do the token authentication internally and it will NOT do any additional authentications against configured external user/password authentication mechanisms.
The lifetime argument defines how long the generated token is valid. The lifetime is defined in seconds. If lifetime is not set or it is set to 0, the token will never expire.
This feature is useful for environments which are configured to use One Time Passwords (OTP) as part of the user/password authentications and where that authentication mechanism does not implement any auth-token support.

This should be the preferred option over increasing/disabling reneg-sec.


Related issues

Related to Feature #12466: Option to Disable Renegotiation timer in OpenVPN Server (New)
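
A check an administrator could run over a server configuration to see which of the approaches discussed in the description is in use, and whether the token lifetime was left unset or 0 (never expires). This is an added example, not code from the ticket or from the project; the sample configs, the script path in them and the finding names are constructed, and 3600 seconds is assumed as the `reneg-sec` default.

```python
import shlex

DEFAULT_RENEG_SEC = 3600  # assumed OpenVPN default renegotiation interval (seconds)

# Constructed sample server configs (not taken from the ticket).
SAMPLE_WORKAROUND = """\
# OTP-backed auth, renegotiation switched off to avoid re-prompts
auth-user-pass-verify /usr/local/sbin/otp-check.sh via-env
reneg-sec 0
"""
SAMPLE_TOKEN = """\
auth-user-pass-verify /usr/local/sbin/otp-check.sh via-env
auth-gen-token 28800  # 8 hour token
"""
SAMPLE_TOKEN_FOREVER = "auth-gen-token\n"


def parse_directives(text):
    """Return {directive: [args]} for an OpenVPN config; last occurrence wins."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # whole-line comments
            continue
        tokens = shlex.split(line, comments=True)  # drops trailing '# ...'
        if tokens:
            directives[tokens[0].lstrip("-")] = tokens[1:]
    return directives


def audit(text):
    """Return finding names (hypothetical labels) for session-lifetime settings."""
    d = parse_directives(text)
    findings = []
    if "reneg-sec" in d:
        secs = int(d["reneg-sec"][0]) if d["reneg-sec"] else DEFAULT_RENEG_SEC
        if secs == 0:
            findings.append("RENEG_DISABLED")
        elif secs > DEFAULT_RENEG_SEC:
            findings.append("RENEG_INCREASED")
    if "auth-gen-token" in d:
        args = d["auth-gen-token"]
        # Per the option text: lifetime unset or 0 means the token never expires.
        if (int(args[0]) if args else 0) == 0:
            findings.append("TOKEN_NEVER_EXPIRES")
    elif findings:
        # Renegotiation was relaxed without the token mechanism in place.
        findings.append("NO_AUTH_GEN_TOKEN")
    return findings
```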

#1

Updated by Marcos M about 2 months ago

  • Related to Feature #12466: Option to Disable Renegotiation timer in OpenVPN Server added
#2

Updated by Marcos M about 1 month ago

It's unclear if the concerns mentioned on the following link have been addressed - best to keep this as a custom option for now until that's clarified:
https://community.openvpn.net/openvpn/ticket/1147
