Verify the identities of all users with MFA.

Provide secure access to on-premise applications.

Ensure all devices meet security standards.

Provide secure access to any app from a single dashboard.

Block or grant access based on users' role, location, and more.

Free (10 users)

Simple identity verification with Duo Mobile for individuals or very small teams.

$3/User/Month

Desktop and mobile access protection with basic reporting and secure single sign-on.

$6/User/Month

All Duo Essentials features, plus adaptive access policies and greater device visibility.

$9/User/Month

Get complete zero trust access for every application. Enable VPN-less remote access to private resources.

Variable Pricing

FedRAMP authorized, end-to-end FIPS capable versions of Duo Essentials and Duo Advantage.

Integrate with Duo to build security into applications.

Already a Tech Partner? Sign-in

Deliver scalable security to customers with our pay-as-you-go MSP partnership.

Enhance existing security offerings, without adding complexity for clients.

Already a SSP Partner? Sign-in

Documentation

Duo Two-Factor Authentication for OpenVPN FAQ

Last Updated: June 19th, 2018

This configuration is for the OpenVPN Community Open Source Software Project. Refer to the OpenVPN AS documentation if you're using OpenVPN Access Server.

My OpenVPN server must send HTTPS requests through a proxy

You can use an HTTPS Proxy when communicating with Duo Security's service. Add the proxy's host and port to the plugin line in OpenVPN's server configuration file (e.g. /etc/openvpn/openvpn.conf):

plugin /opt/duo/duo_openvpn.so IKEY SKEY HOST PROXY_HOST PROXY_PORT

The proxy must support the CONNECT protocol.

Is it possible to have OpenVPN send an automatic push to authenticate?

You can configure OpenVPN to send a push request automatically at logon as follows:

Make sure your OpenVPN server is at least version 2.1.0.
Update the Duo plugin to the latest version from GitHub if not version 2.1.
Add auth-user-pass-optional to the OpenVPN server configuration file (eg. /etc/openvpn/openvpn.conf).
remove auth-user-pass from the your users' OpenVPN client configuration file.

Additional Troubleshooting

Need more help? Try searching our OpenVPN Knowledge Base articles or Community discussions. For further assistance, contact Support.

Documentation

Duo Two-Factor Authentication for OpenVPN FAQ

Contents

Feedback

My OpenVPN server must send HTTPS requests through a proxy

Is it possible to have OpenVPN send an automatic push to authenticate?

Additional Troubleshooting

By Industry

Government Solutions

Use Cases

Support for Administrators

Support for Duo End Users

Expert Advice

Additional Topics

Popular Topics

Docs for Duo Editions

Integrations

Duo Two-Factor Authentication for OpenVPN FAQ

Contents

Related

Feedback

My OpenVPN server must send HTTPS requests through a proxy

Is it possible to have OpenVPN send an automatic push to authenticate?

Additional Troubleshooting