Project

General

Profile

Actions
Copy link

Feature #16558

open

Add support of static-challenge OpenVPN option in Radius for 2FA

Added by Lev Prokofev 26 days ago. Updated 1 day ago.

Status:
Confirmed
Priority:
Low
Assignee:
-
Category:
FreeRADIUS
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:

Description

Currently, Radius+OTP requires the user to add the PIN+OTP in the password field every time the user connects. With the static-challenge option(https://openvpn.net/as-docs/tutorials/tutorial--challenge-response-authentication.html#step-3--set-up-a-static-challenge-response), the client can save PIN as the password and add OTP in a separate window. However, the Radius expects to see the password as password=PIN+OTP, to workaround it, the following can be added to the Radius config (this likely should be the GUI option):

if (&request:State) {
    update request {
        User-Password := "%{User-Password}%{reply:Reply-Message}" 
    }
}
Actions
Copy link
 #1

Updated by Kris Phillips 1 day ago

  • Status changed from New to Confirmed

This would be significantly helpful for 2FA configurations with OpenVPN.

Wouldn't this option be for the OpenVPN Export package and not freeRADIUS, however?

Actions
Copy link

Also available in: Atom PDF