Possible? OpenVPN server requiring both certificate- AND password-based login (via Tomato router firmware)

Posted by Eric on Server Fault See other posts from Server Fault or by Eric
Published on 2012-08-23T03:41:42Z Indexed on 2013/06/29 16:23 UTC
Read the original article Hit count: 164

Filed under:
|
|

I've been using Shibby's build of Tomato (64k NVRAM version) on my Asus N66U router in order to run an OpenVPN server.

I'm curious whether it's possible to setup this OpenVPN server to require both a certificate AND a username/password before a user is allowed access.

I noticed there's a "challenge password" entry when filling out the certificate details, but everyone says to leave it blank "or else"; I have no idea why, and I can't find an explanation. In addition, I've Google'd this issue a bunch and have noticed people talking about a PAM module for OpenVPN in order to authenticate via username/password, but that appeared to be an either/or option; in other words, I can force authentication via username/password OR certificate. I want to require both.

Is this possible? If so, how?

© Server Fault or respective owner

Related posts about authentication

Related posts about openvpn