Possible? OpenVPN server requiring both certificate- AND password-based login (via Tomato router firmware)
Posted
by
Eric
on Server Fault
See other posts from Server Fault
or by Eric
Published on 2012-08-23T03:41:42Z
Indexed on
2013/06/29
16:23 UTC
Read the original article
Hit count: 164
I've been using Shibby's build of Tomato (64k NVRAM version) on my Asus N66U router in order to run an OpenVPN server.
I'm curious whether it's possible to setup this OpenVPN server to require both a certificate AND a username/password before a user is allowed access.
I noticed there's a "challenge password" entry when filling out the certificate details, but everyone says to leave it blank "or else"; I have no idea why, and I can't find an explanation. In addition, I've Google'd this issue a bunch and have noticed people talking about a PAM module for OpenVPN in order to authenticate via username/password, but that appeared to be an either/or option; in other words, I can force authentication via username/password OR certificate. I want to require both.
Is this possible? If so, how?
© Server Fault or respective owner