Duo Two-Factor Authentication for OpenVPN FAQLast Updated: June 19th, 2018
My OpenVPN server must send HTTPS requests through a proxy
You can use an HTTPS Proxy when communicating with Duo Security's service. Add the proxy's host and port to the plugin line in OpenVPN's server configuration file (e.g. /etc/openvpn/openvpn.conf):
plugin /opt/duo/duo_openvpn.so IKEY SKEY HOST PROXY_HOST PROXY_PORT
The proxy must support the CONNECT protocol.
Is it possible to have OpenVPN send an automatic push to authenticate?
You can configure OpenVPN to send a push request automatically at logon as follows:
- Make sure your OpenVPN server is at least version 2.1.0.
- Update the Duo plugin to the latest version from GitHub if not version 2.1.
auth-user-pass-optionalto the OpenVPN server configuration file (eg. /etc/openvpn/openvpn.conf).
auth-user-passfrom the your users' OpenVPN client configuration file.