how to make ocserv do totp 2FA?

Wang Jian larkwang at gmail.com
Mon May 18 07:46:12 PDT 2015


Hi,

I am evaluating VPNs with 2FA (w/ TOTP) support in-house.

Currently, we use openvpn to do static 2FA (w/ shared client certificate), but
it's not easy at the scale of hundreds of employees, and the configuration file
gets leaked easily (this actually happened). So this time, we do want to use a
solution with less client setup effort.

OpenConnect server and client are a good starting point, coz openconnect &
anyconnect clients all support 2FA.

Although multiple factor authentication support has been available in ocserv
for a long time, I can't find docs about how to make static password + totp
work for ocserv. Is it possible?

Obviously, the current ocserv auth backends don't support such a setup. But if I
can make the client send username, password and 2nd password, I can hack a backend
to do password & totp code auth for in-house use. Can anyone help me out?

Regards.
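
The server-side check the message describes (static password plus TOTP code), sketched as an added example that is not part of the original post and is not ocserv code. `TwoFactorStore`, its methods and the in-memory storage are hypothetical; RFC 6238 defaults (HMAC-SHA1, 30 s step, 6 digits) and PBKDF2 password hashing are assumptions.

```python
import base64, hashlib, hmac, struct, time

STEP, DIGITS, WINDOW = 30, 6, 1   # 30 s step, 6 digits, accept +/- one step of clock skew
DEMO_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"  # RFC 4226 test key, demo use only

def totp(secret_b32, counter):
    """RFC 4226 HOTP value for one time-step counter (HMAC-SHA1 + dynamic truncation)."""
    key = base64.b32decode(secret_b32, casefold=True)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class TwoFactorStore:
    """Hypothetical in-memory user store; a real backend would persist these records."""
    def __init__(self):
        self.users = {}   # username -> salt, pw_hash, secret, last accepted counter

    def enroll(self, user, password, secret_b32, salt):
        self.users[user] = dict(salt=salt, pw_hash=hash_password(password, salt),
                                secret=secret_b32, last_counter=-1)

    def verify(self, user, password, code, now=None):
        rec = self.users.get(user)
        if rec is None:
            return False
        now_counter = int(time.time() if now is None else now) // STEP
        pw_ok = hmac.compare_digest(hash_password(password, rec["salt"]),
                                    rec["pw_hash"])
        matched = None
        for c in range(now_counter - WINDOW, now_counter + WINDOW + 1):
            # Only counters newer than the last accepted one count: blocks code replay.
            if c > rec["last_counter"] and hmac.compare_digest(
                    totp(rec["secret"], c).encode(), code.encode()):
                matched = c
        if pw_ok and matched is not None:
            rec["last_counter"] = matched   # burn this code and all older ones
            return True
        return False
```

Both factors are always evaluated before the decision, and a code is only consumed on full success, so a wrong password does not reveal whether the TOTP code was valid.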


