Configure Two Factor Authentication for OpenVPN Access Server

Overview :

In recent years, there has been number of hackers, security threats , data breach , etc been revolving in the industry. Also recent issues with Heartbleed have been high risk to the IT industry. To have one more level of security for VPN infrastructure there is a simple to implement DUOSecurity within OPENVPN.

5 Simple Steps

  1. Create the duosecurity account under https://www.duosecurity.com
  2. Download the file duosecurity-duo_openvpn_as-5de4115.tar (https://github.com/duosecurity/duo_openvpn_as)
  3. Create the Integration under the DUO Security.
  4. Edit the file  duo_openvpn_as.py and update the following values 
    1.  Fill in your integration credentials on the following three lines:
    2. IKEY = ‘xxxxxxxxxxxxxxxxxxxxxxxx’
    3. SKEY = ‘yyyyyyyyyyyyyyyyyyyyyyyyyyy’
    4. HOST = ‘3445456456456546.com’
  5. Upload the updated file under 
  6. Run the following command to run the post auth script.
  7. /usr/local/openvpn_as/scripts/sacli -a xyzuser \
    1. -k auth.module.post_auth_script –value_file=/usr/local/openvpn_as/scripts/duo_openvpn_as.py ConfigPut
    2. $ sudo /usr/local/openvpn_as/scripts/sacli -a xyzuser Reset
  8. Reboot the services.
  9. All Done for now , download and connect the application now.
  10. Should be able to pop up with the DUO Authentication.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.