OpenVPN LDAP (authentication query) and 2FA

Hi all,

I'm here again. We have an OpenVPN cluster (3 nodes) with several instances of OpenVPN. Each instance uses different plugins or a different plugin configuration: some use PAM authentication (local users), some use LDAP authentication (each with its own specific query, to give access to different servers), and so on. We have 12 instances of OpenVPN on each node.

I read the documentation on implementing 2FA with privacyIDEA, and it says to load the privacyIDEA plugin in the OpenVPN configuration, but I suspect that it will replace the actual plugin used in each instance. So now the questions:

  • How do I tell the privacyIDEA plugin to use OpenVPN local users for authentication and privacyIDEA 2FA later?
  • How do I tell the privacyIDEA plugin to use LDAP authentication (with a specific query) and privacyIDEA 2FA later?

Just to be clear,

I would use:

  • For the first instance of OpenVPN: PAM + 2FA
  • For the second instance of OpenVPN: LDAP (with a specific search; here I use ldap_plugin and the query is inside the configuration of the ldap_plugin) + 2FA
  • For the third instance of OpenVPN: LDAP (with another search) + 2FA

Hope it's clearer now.