Multi-Factor Authentication (MFA)

Verify the identities of all users with MFA.

Remote Access

Provide secure access to VPNs and servers.

Device Trust

Ensure all devices meet security standards.

Single Sign-On (SSO)

Provide secure access to any app from a single dashboard.

Adaptive Access Policies

Block or grant access based on users' role, location, and more.

Duo MFA

$3/User/Month

Desktop and mobile access protection with basic reporting and secure single sign-on.

Duo Access

$6/User/Month

All Duo MFA features, plus adaptive access policies and greater device visibility.

Duo Beyond

$9/User/Month

All Duo Access features, plus advanced device insights and remote access solutions.

Duo Free

Free (10 users)

Simple identity verification with Duo Mobile for individuals or very small teams.

Duo Federal

Variable Pricing

FedRAMP authorized, end-to-end FIPS capable versions of Duo MFA and Duo Access.

Duo Technology Partner Program

Integrate with Duo to build security into applications.

Already a Tech Partner? Sign-in

Duo Managed Service Providers

Deliver scalable security to customers with our pay-as-you-go MSP partnership.

Duo Security Solution Providers

Enhance existing security offerings, without adding complexity for clients.

Already a SSP Partner? Sign-in

Documentation

OpenVPN FAQ

Last Updated: June 19th, 2018

This configuration is for the OpenVPN Community Open Source Software Project. Refer to the OpenVPN AS documentation if you're using OpenVPN Access Server.

My OpenVPN server must send HTTPS requests through a proxy

You can use an HTTPS Proxy when communicating with Duo Security's service. Add the proxy's host and port to the plugin line in OpenVPN's server configuration file (e.g. /etc/openvpn/openvpn.conf):

plugin /opt/duo/duo_openvpn.so IKEY SKEY HOST PROXY_HOST PROXY_PORT

The proxy must support the CONNECT protocol.

Is it possible to have OpenVPN send an automatic push to authenticate?

You can configure OpenVPN to send a push request automatically at logon as follows:

Make sure your OpenVPN server is at least version 2.1.0.
Update the Duo plugin to the latest version from GitHub if not version 2.1.
Add auth-user-pass-optional to the OpenVPN server configuration file (eg. /etc/openvpn/openvpn.conf).
remove auth-user-pass from the your users' OpenVPN client configuration file.

Additional Troubleshooting

Need more help? Try searching our OpenVPN Knowledge Base articles or Community discussions. For further assistance, contact Support.

Multi-Factor Authentication (MFA)

Remote Access

Device Trust

Single Sign-On (SSO)

Adaptive Access Policies

Duo MFA

Duo Access

Duo Beyond

Duo Free

Duo Federal

Duo Technology Partner Program

Duo Managed Service Providers

Duo Security Solution Providers

Documentation

OpenVPN FAQ

Contents

Feedback

My OpenVPN server must send HTTPS requests through a proxy

Is it possible to have OpenVPN send an automatic push to authenticate?

Additional Troubleshooting

Government Solutions

Use Cases

Support for Administrators

Support for Duo End Users

Additional Topics

Popular Topics

Docs for Duo Editions

Integrations

OpenVPN FAQ

Contents

Related

Feedback

My OpenVPN server must send HTTPS requests through a proxy

Is it possible to have OpenVPN send an automatic push to authenticate?

Additional Troubleshooting