Facebook Icon Facebook Icon Twitter Icon Twitter Icon Linkedin Icon Linkedin Icon Blog Icon Blog Icon Checkmark Icon Checkmark Icon Small Checkmark Icon Small Checkmark Icon Small Checkmark Icon Small Checkmark Icon Clock Icon Clock Icon Cloud Icon Cloud Icon Cloud Upload Icon Cloud Upload Icon Compass Icon Compass Icon Medium count 1 Icon Medium count 1 Icon Medium count 2 Icon Medium count 2 Icon Medium count 3 Icon Medium count 3 Icon Medium count 4 Icon Medium count 4 Icon Medium count 5 Icon Medium count 5 Icon Medium count 6 Icon Medium count 6 Icon Medium count 7 Icon Medium count 7 Icon Medium count 8 Icon Medium count 8 Icon Medium count 9 Icon Medium count 9 Icon Medium count 10 Icon Medium count 10 Icon Medium count 11 Icon Medium count 11 Icon Medium count 12 Icon Medium count 12 Icon Medium count 13 Icon Medium count 13 Icon Medium count 14 Icon Medium count 14 Icon Medium count 15 Icon Medium count 15 Icon Device with a checkmark Icon Device with a checkmark Icon Device Icon Device Icon Documentation Icon Documentation Icon Dollar Sign Icon Dollar Sign Icon Extend Icon Extend Icon Eye Icon Eye Icon Gear Icon Gear Icon Globe Icon Globe Icon Graph Icon Graph Icon Guidelines Icon Guidelines Icon Laptop Icon Laptop Icon Layers with checkmark Icon Layers with checkmark Icon Key Icon Key Icon Lock Icon Lock Icon Paper Airplane Icon Paper Airplane Icon Pencil Icon Pencil Icon Phone Icon Phone Icon Reliability Icon Reliability Icon Reset Icon Reset Icon Shield with Checkmark Icon Shield with Checkmark Icon Timer Icon Timer Icon Tools Icon Tools Icon Tutorial Icon Tutorial Icon Upload Icon Upload Icon User with Checkmark Icon User with Checkmark Icon User Icon User Icon Wallet Icon Wallet Icon Case Study Icon Case Study Icon Video Icon Video Icon Webinar Icon Webinar Icon White Paper Icon White Paper Icon

VPN Locked Down

OpenVPN Two Factor Authentication: Whether you use certificates, passwords, PAM or LDAP you can easily add a second layer of authentication using Authy.

SSHOpenVPN

Features

  • Certificates, PAM, LDAP or something else.

    The Authy plugin is designed to work with your existing authentication strategy, it simply add's another layer to what you are already using.

  • Mobile Tokens, SMS, Phone Calls or Hardware Tokens

    Your organization is diverse. Maybe not everyone has a smartphone. Authy supports many different forms of authentication.

  • Better control

    Authy comes with a centralized management dashboard. If any of your users loses or gets his token stolen, you can quickly disable it from a central location.

Watch the Video

Installation steps

  1. Compile and install
    curl 'https://codeload.github.com/authy/authy-openvpn/zip/master' -o authy-openvpn.zip && tar -zxvf authy-openvpn.zipcd authy-openvpn-master
    sudo make install
  2. Get your free Authy API KEY from https://www.twilio.com/try-twilio.
  3. Finally configure the plugin.
    sudo scripts/post-install
  4. For more installation options go to https://github.com/authy/authy-openvpn

Troubleshooting

This is not working!
We have a great trouble-shooting guide at: https://github.com/authy/authy-openvpn/blob/master/TROUBLESHOOTING.md

FAQ

How can I enable Two-Factor Authentication?
If you successfully completed the installation steps, you ended up with some lines like plugin authy-openvpn.so at the end of you OpenVPN configuration, you will only need to run sudo authy-vpn-add_users to add users to you VPN.

I haven't added users with the script authy-vpn-add-users or manually, and my vpn users can't login, what happened?
Authy plugin whitelist users, so it will only authorize users that are in the authy-vpn.conf

How can I ensure that each user is using its certificate?
You can edit the authy-vpn.conf file and add between the user login and user authy_id the common name, this will ensure that the common name provided by the certificate matches with the user login.

Benefits

  • Enhanced security

    One of the big problems that some OpenVPN deployments have is how to avoid unauthorized access when the certificates or passwords are compromised. This problem is easily solved by adding the Two-Factor Authentication with Authy, because now the attackers will need to get access to Authy Tokens.

  • Easy and simple for admins

    This Authy plugin provides easy ways to install it in different environments (ubuntu, debian, redhat, centos, windows, and other *nix by building the sources), with helpful scripts to add users and edit vpn configuration files.

  • Hassle free

    It isn't just easy for Admins, it is also easy for the end users. With our easy to use mobile app Two-Factor Authentication everyone can enjoy a second layer of security.