OpenVPN Two Factor Authentication: Whether you use certificates, passwords, PAM or LDAP you can easily add a second layer of authentication using Authy.
The Authy plugin is designed to work with your existing authentication strategy; it simply adds another layer to what you are already using.
Your organization is diverse. Maybe not everyone has a smartphone. Authy supports many different forms of authentication.
Authy comes with a centralized management dashboard. If any of your users loses a token or has it stolen, you can quickly disable it from a central location.
curl 'https://codeload.github.com/authy/authy-openvpn/zip/master' -o authy-openvpn.zip && unzip authy-openvpn.zip
cd authy-openvpn-master
sudo make install
sudo scripts/post-install
This is not working!
We have a great troubleshooting guide at: https://github.com/authy/authy-openvpn/blob/master/TROUBLESHOOTING.md
How can I enable Two-Factor Authentication?
If you successfully completed the installation steps, you ended up with some lines like plugin authy-openvpn.so at the end of your OpenVPN configuration. You only need to run sudo authy-vpn-add-users to add users to your VPN.
I haven't added users with the script authy-vpn-add-users or manually, and my VPN users can't log in. What happened?
The Authy plugin whitelists users, so it only authorizes users that are listed in authy-vpn.conf.
How can I ensure that each user is using their own certificate?
You can edit the authy-vpn.conf file and add the common name between the user login and the user authy_id. This ensures that the common name provided by the certificate matches the user login.
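The following audit script is an added example, not part of the Authy plugin or its scripts. It reports authy-vpn.conf entries that have no common name and therefore no tie between certificate and login. It assumes one user per line with whitespace-separated fields in the order described above (login, optional common name, authy_id), a numeric authy_id, and '#' comments; the sample file is constructed.

```python
# Added example: audit an authy-vpn.conf for entries without a certificate binding.
# Assumptions: one user per line, whitespace-separated fields, '#' starts a comment,
# authy_id is numeric. Adjust the parsing if your file differs.
import re

# Constructed sample; logins, common names and Authy IDs are made up.
SAMPLE_CONF = """\
# login [common_name] authy_id
alice alice-laptop 1000001
bob 1000002
carol carol-cert 10x0003
alice alice-phone 1000004
dave dave-cert extra 1000005
"""

def audit_authy_conf(text):
    """Return (entries, findings) for the text of an authy-vpn.conf file."""
    entries, findings, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue  # blank line or comment
        fields = line.split()
        if len(fields) == 2:
            login, cn, authy_id = fields[0], None, fields[1]
        elif len(fields) == 3:
            login, cn, authy_id = fields
        else:
            findings.append((lineno, "malformed: expected 2 or 3 fields"))
            continue
        if not re.fullmatch(r"\d+", authy_id):
            findings.append((lineno, f"{login}: authy_id is not numeric"))
            continue
        if login in seen:
            findings.append((lineno, f"{login}: duplicate login"))
        seen.add(login)
        if cn is None:
            # Without a common name the certificate is not tied to this login.
            findings.append((lineno, f"{login}: no common name bound to login"))
        entries.append({"login": login, "common_name": cn, "authy_id": authy_id})
    return entries, findings

if __name__ == "__main__":
    for lineno, message in audit_authy_conf(SAMPLE_CONF)[1]:
        print(f"line {lineno}: {message}")
```

To check a real file, pass its contents to audit_authy_conf() and review the findings before reloading OpenVPN.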
One of the big problems that some OpenVPN deployments have is how to avoid unauthorized access when the certificates or passwords are compromised. This problem is easily solved by adding Two-Factor Authentication with Authy, because now the attackers will also need to get access to Authy Tokens.
This Authy plugin provides easy ways to install it in different environments (Ubuntu, Debian, Red Hat, CentOS, Windows, and other *nix by building the sources), with helpful scripts to add users and edit VPN configuration files.
It isn't just easy for admins; it is also easy for the end users. With our easy-to-use mobile app for Two-Factor Authentication, everyone can enjoy a second layer of security.