Using OpenVPN + 2FA with Google Authenticator
By default, OpenVPN renegotiates the connection every 60 minutes (3600 seconds), which prompts the user to enter their 2FA PIN again to continue the connection.
Renegotiate data channel key after n seconds (default=3600). When using a one-time password (OTP), be advised that your connection will automatically drop because your password is no longer valid. Set to 0 to disable, and remember to change it on both the server and the client.
If you want an unlimited connection without these interruptions, edit the /etc/openvpn/client-template.txt file and add the reneg-sec 0 parameter. The file can look like this:
dev tun
persist-tun
persist-key
data-ciphers-fallback AES-256-CBC
auth SHA512
client
resolv-retry infinite
reneg-sec 0
remote 203.0.113.1 1194 udp
lport 0
verify-x509-name "C=IT, ST=IT, L=example, O=Azienda, emailAddress=firstname.lastname@example.org, CN=OPN.example.tld" subject
remote-cert-tls server
auth-user-pass
auth-nocache
compress
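Because the setting has to match on server and client, the following added example (not part of the original post) reads both configs and reports the interval that actually applies: either peer can start a renegotiation, so the shorter non-zero timer wins. The sample configs and the function names are constructed for illustration.

```python
DEFAULT_RENEG_SEC = 3600  # OpenVPN default when reneg-sec is absent


def reneg_sec(config_text):
    """Return the reneg-sec value a config sets, or the default."""
    value = DEFAULT_RENEG_SEC
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        parts = line.split()
        if parts[0] == "reneg-sec" and len(parts) > 1:
            value = int(parts[1])            # keep the last value seen
    return value


def effective_reneg(server_text, client_text):
    """Seconds until the first renegotiation, 0 if neither side starts one."""
    timers = [t for t in (reneg_sec(server_text), reneg_sec(client_text)) if t > 0]
    return min(timers) if timers else 0


# Constructed sample configs (assumptions, trimmed to the relevant lines).
CLIENT = """\
client
dev tun
remote 203.0.113.1 1194 udp
auth-user-pass
auth-nocache
reneg-sec 0
"""
SERVER_DEFAULT = """\
port 1194
proto udp
dev tun
# reneg-sec not set, so the default applies
"""
SERVER_FIXED = SERVER_DEFAULT + "reneg-sec 0\n"

if __name__ == "__main__":
    for name, server in (("server unchanged", SERVER_DEFAULT),
                         ("server updated", SERVER_FIXED)):
        secs = effective_reneg(server, CLIENT)
        state = "no renegotiation" if secs == 0 else f"OTP prompt every {secs} s"
        print(f"{name}: {state}")
```

With both sides at 0, the time-based data channel key renewal that reneg-sec controls no longer happens for the life of the session.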