I am not sure when OpenVPN added multi-factor support to their Access Server but I am thrilled that they did. It must have been recently (within the last few weeks or months) as I was using OpenVPN Access Server about 4 months ago as a temporary solution while my main solution was down and it did not have Multi-Factor built-in. All I have to say is, THANK YOU!
I have been wrestling with Multi-factor solutions like Authy on the Community Edition of the server (Because Authy doesn’t even begin to work with OpenVPN Access Server) and was about ready to pursue trying out DUO with Access Server. Well… when I got into the Admin Web GUI for Access Server I discovered that there were options for turning on Google Authenticator built right in now. Skeptical as I was, I gave it a go anyhow. Up until now the only implementations of Google Authenticator with Access Server or Community Edition were little more than complex hacks. No longer though! It works, and it works beautifully. Because Access Server includes a Client Portal where users sign-up and download the client software for their machines, OpenVPN was able to streamline the Authenticator setup right into the client web portal. Furthermore, rather than having the user try to combine their password (which is hopefully complex) with their rotating PIN on the fly… i.e. typing in their credentials as USERNAME PASSWORD-PIN – which is a pain and undoubtedly leads to a rise is mis-authentications, OpenVPN uses a separate input box. THANK YOU!
So, what does this mean? Easy Multi-Factor Authentication that is very affordable. If you only need two concurrent connections the whole setup is actually free making it perfectly accessible for small business. Google Authenticator is free, as in free and OpenVPN Access Server is pretty affordable if you need to buy licenses for more concurrent connections. Anyhow, here is a picture of the setup screen (it is painfully simple!):