Contents
This configuration is for the OpenVPN Community Open Source Software Project. Refer to the OpenVPN AS documentation if you're using OpenVPN Access Server.
My OpenVPN server must send HTTPS requests through a proxy
You can use an HTTPS Proxy when communicating with Duo Security's service. Add the proxy's host and port to the plugin line in OpenVPN's server configuration file (e.g. /etc/openvpn/openvpn.conf):
plugin /opt/duo/duo_openvpn.so IKEY SKEY HOST PROXY_HOST PROXY_PORT
The proxy must support the CONNECT protocol.
Is it possible to have OpenVPN send an automatic push to authenticate?
You can configure OpenVPN to send a push request automatically at logon as follows:
- Make sure your OpenVPN server is at least version 2.1.0.
- Update the Duo plugin to the latest version from GitHub if not version 2.1.
- Add
auth-user-pass-optional
to the OpenVPN server configuration file (eg. /etc/openvpn/openvpn.conf). - remove
auth-user-pass
from the your users' OpenVPN client configuration file.
Additional Troubleshooting
Need more help? Try searching our OpenVPN Knowledge Base articles or Community discussions. For further assistance, contact Support.