Documentation
Duo Two-Factor Authentication for OpenVPN Access Server - FAQ
Last Updated: June 19th, 2018Contents
How can I connect on Linux after installing Duo for OpenVPN AS?
First, make sure you've read the official OpenVPN Access Server documentation.
Duo adds some additional requirements, in that it makes use of OpenVPN Access Server's dynamic challenge-response mechanism. This mechanism is supported in the open-source client starting with version 2.2, but you usually must enable it explicitly:
-
Make sure you're running version 2.2 or later of the openvpn client:
$ openvpn --version OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Mar 30 2012 Originally developed by James Yonan Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net> ... -
Set the auth-retry option to a value of interact when running the client. For example:
$ openvpn --config client.ovpn --auth-retry interact
How do I uninstall Duo from OpenVPN AS?
Where admin_username is the username of an administrator on your OpenVPN Access Server instance:
-
Use OpenVPN Access Server's command-line interface to remove the post-auth script:
$ /usr/local/openvpn_as/scripts/sacli -a admin_username \
-k auth.module.post_auth_script ConfigDel
-
Restart the service to commit your configuration changes:
$ /usr/local/openvpn_as/scripts/sacli -a admin_username Reset
Additional Troubleshooting
Need more help? Try searching our OpenVPN AS Knowledge Base articles or Community discussions. For further assistance, contact Support.