Possible? OpenVPN server requiring both certificate- AND password-based login (via Tomato router firmware)

Posted by Eric on Server Fault See other posts from Server Fault or by Eric
Published on 2012-08-23T03:41:42Z Indexed on 2013/06/29 16:23 UTC
Read the original article Hit count: 159

Filed under:

authentication

|

openvpn

|

tomato

I've been using Shibby's build of Tomato (64k NVRAM version) on my Asus N66U router in order to run an OpenVPN server.

I'm curious whether it's possible to setup this OpenVPN server to require both a certificate AND a username/password before a user is allowed access.

I noticed there's a "challenge password" entry when filling out the certificate details, but everyone says to leave it blank "or else"; I have no idea why, and I can't find an explanation. In addition, I've Google'd this issue a bunch and have noticed people talking about a PAM module for OpenVPN in order to authenticate via username/password, but that appeared to be an either/or option; in other words, I can force authentication via username/password OR certificate. I want to require both.

Is this possible? If so, how?

© Server Fault or respective owner

Related posts about authentication

Configuring Fed Authentication Methods in OIF / IdP

as seen on Oracle Blogs - Search for 'Oracle Blogs'
In this article, I will provide examples on how to configure OIF/IdP to map OAM Authentication Schemes to Federation Authentication Methods, based on the concepts introduced in my previous entry. I will show examples for the three protocols supported by OIF: SAML 2.0 SSO SAML… >>> More
windows authentication vs sql server authentication for asp.net forms authentication site

as seen on Stack Overflow - Search for 'Stack Overflow'
I have a database and a site having forms authentication. It is working fine with VS2008. This time, I am using "Trusted_connection =True". But when it is opened from outside or directly from browser then I am getting error "Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'." I know this is due… >>> More
Disable authentication on subfolder(s) of an ASP.NET app using windows authentication

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, Is it possible to disable windows authentication on one or more subfolders of an ASP.net application using windows authentication? >>> More
AutoCompleteExtender - authentication failure (forms authentication)

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm using the AutoCompleteExtender from the AJAX control toolkit on my aspx page - I have it wired up to a WCF service that is returning a string array and everything works happily. If I change my service definition to include a demand for the caller to be authenticated, like so: <OperationContract()… >>> More
Ruby on Rails , functionalities having twitter authentication and email authentication (autlogic and

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi Experts, I would like to ask your guidance on how to authenticate using email add/ the basic log-in while having also a twitter log-in, twitter authentication works fine but if having an alternative log-in like using basic sign-up and email log-in part wont work.... any ideas please...? >>> More

Related posts about openvpn

Encouter error "Linux ip -6 addr add failed" while setting up OpenVPN client

as seen on Server Fault - Search for 'Server Fault'
I am trying to set up my router to use OpenVPN and have gotten quite far (I think), but something seems to be missing and I am not sure what. Here is my configuration for the client: client dev tun proto udp remote ovpn.azirevpn.net 1194 remote-random resolv-retry infinite auth-user-pass /tmp/password… >>> More
OpenVpn: Setting Up Openvpn in Ubuntu 10.04

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I am trying to setup OpenVpn Server on Ubuntu 10.04. I am not good in network concepts so its hard to understand the IP address that are given in the setup tutorial.. I could find many sites to setup openvpn server but i have few doubts in it. 1.I am mainly setting up the server to make it work… >>> More
pfsense peer-to-peer OpenVPN not connecting

as seen on Server Fault - Search for 'Server Fault'
I'm trying to setup a peer-to-peer OpenVPN between two pfsense servers running 2.0.1-RELEASE, but the client keeps getting the connection dropped, with a status of "reconnecting; ping-restart" and nothing appears to be routing between them. Both these firewalls are also doing PPTP VPNs that are working… >>> More
OpenVPN not connecting

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
There have been a number of post similar to this, but none seem to satisfy my need. Plus I am a Ubuntu newbie. I followed this tutorial to completely set up OpenVPN on Ubuntu 12.04 server. Here is my server.conf file ################################################# # Sample OpenVPN 2.0 config file… >>> More
openVPN GUI does not run error about error opening registry for reading HKLM\SOFTWARE\OpenVPN

as seen on Super User - Search for 'Super User'
I'm trying to run OpenVPN as a portable application and to that effect i have installed it on a Windows 7 machine, copied the files to another windows 7 machine and manually restored the registry settings using a .reg file. Whenever i try to run open vpn GUI i get the following error error opening… >>> More