Duo Two-Factor Authentication for OpenVPN FAQ
Last updated:
My OpenVPN server must send HTTPS requests through a proxy
You can use an HTTPS Proxy when communicating with Duo Security's service. Add the proxy's host and port to the plugin line in OpenVPN's server configuration file (e.g. /etc/openvpn/openvpn.conf):
plugin /opt/duo/duo_openvpn.so IKEY SKEY HOST PROXY_HOST PROXY_PORT
The proxy must support the CONNECT protocol.
Is it possible to have OpenVPN send an automatic push to authenticate?
You can configure OpenVPN to send a push request automatically at logon as follows:
- Make sure your OpenVPN server is at least version 2.1.0.
- Update the Duo plugin to the latest version from GitHub if not version 2.1.
- Add
auth-user-pass-optional
to the OpenVPN server configuration file (eg. /etc/openvpn/openvpn.conf). - remove
auth-user-pass
from the your users' OpenVPN client configuration file.
Additional Troubleshooting
Need more help? Try searching our OpenVPN Knowledge Base articles or Community discussions. For further assistance, contact Support.