To enable MFA for openvpn user login

huang · March 27, 2025, 3:00am

I created an open VPN server on the Vyos 1.4 rolling version and managed user certificates through Easy-RSA. This method works well. Now, I want to enable MFA auth (Google auth or others) for some users. I have searched for some solutions, but none of them have been successful. Could anyone give some suggestions or configuration example?
The basic setup thinking of mine is:

Install Google Authenticator plugin and OpenVPN Authentic Pam plugin
Generate a Google Authenticator QR code by VPN username and use Google Authentic to scan the QR code to get the OTP number
3, create script to check the username and OTP when VPN user login,
4, enable MFA check in Open VPN server.

Viacheslav · March 27, 2025, 6:20am

search in the docs “mfa totp” VyOS User Guide — VyOS 1.4.x (sagitta) documentation

huang · March 27, 2025, 6:48am

Thank you for reply, I saw there is MFA configuration sample in the user guide, but it’s for all users, I just want to apply the MFA auth to some of vpn user, do you know any way to do that?

system · April 26, 2025, 6:48am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.