OpenVPN and 2FA

By Zach DeMeyer. Posted June 22, 2019.

OpenVPN is an open-source VPN offering, and one of the most popular options in its market space. As far as modern IT solutions go, OpenVPN is one of the “veterans”: the open-source VPN provider has been around since 2001 and is still going strong. We would like to detail some of its benefits, namely the use of OpenVPN and 2FA (two-factor authentication).

Why Use VPNs?

If you are unfamiliar with virtual private networks, or VPNs, it would make sense to get a bit of background. Over the past three decades, the need for and use of VPNs has evolved considerably. In the earliest modern IT networks, IT resources were housed on-prem, with the majority (if not all) of those resources being Microsoft® Windows®-based.

In order to access said resources, such as a system, application, or server, an end user would need to be physically in the office, tied into the internal network through Ethernet cables. This created the concept behind the Windows domain, and helped build up Microsoft Active Directory® as the domain controller.

Rise of the Remote Worker

Over time, following the advent of the Internet, employees started performing their duties off-site, beginning the remote work craze that has reached a near fever pitch in today’s workforce. Remote work was practically unheard of at the time, but remote workers soon needed a way to maintain access to all of the company’s applications, files, servers, etc. housed on-prem. Enter: the VPN.

A VPN acts as a secure tunnel, of sorts, for users to access on-prem network resources safely and securely over the Internet while working remotely. The concept itself was a godsend for admins looking to provide secure remote network access.

An Identity Crisis

While they have revolutionized the possibility of remote work, VPNs have historically been a bit clumsy when it comes to identity access. For a while, VPNs often required multiple logins: one for the user’s machine, which was ultimately connected to the on-prem Active Directory instance after the VPN was activated, and then one for the VPN itself.

Many times these logins weren’t synchronized for the end user or the IT admin, creating a sort of identity rift. This rift led to considerable extra work for both sides. Thankfully, with the rise of modern identity management tools, like Directory-as-a-Service®, user access is becoming centralized under a single set of credentials. That means that users can leverage those credentials to access virtually all of their IT resources, including the VPN, through a variety of protocols.

In particular, users of a cloud directory service would be authenticated to VPNs through a choice of LDAP or RADIUS. Either choice helps to avoid the login issues faced in traditional VPN access management.

Innovation Breeds Innovation

With that problem solved, IT admins and DevOps engineers realized that instead of solely using VPNs to connect remote workers to on-prem applications and servers, they could be used to connect to AWS, GCP, and other critical cloud infrastructure. This added benefit also came with added concerns.

After all, DevOps login credentials to these crucial development resources were even more important to protect than the average remote worker’s. So, admins started to explore the possibility of multi-factor authentication or two-factor authentication with VPNs. Specifically, since OpenVPN is a leading VPN solution, integrating 2FA capabilities into it could be incredibly significant.

The good news is that not only can you authenticate to OpenVPN with Directory-as-a-Service through RADIUS, but now you can add 2FA capabilities to that login as well.

2FA with RADIUS-as-a-Service

JumpCloud® Directory-as-a-Service is the first cloud directory service, featuring a hosted cloud RADIUS solution called RADIUS-as-a-Service. A recent addition to RADIUS-as-a-Service is MFA for RADIUS, allowing IT admins to further secure their network access, including VPN access.

Of course, RADIUS-as-a-Service is only a part of the whole Directory-as-a-Service offering. Admins can use JumpCloud to manage their users and their access to systems, apps, networks, and more from a single cloud admin console. Directory-as-a-Service enables IT admins to automate their identity management workflow, ultimately saving significant time and money.

Try JumpCloud Free

JumpCloud Directory-as-a-Service and all of its capabilities, including 2FA for OpenVPN, are available for IT organizations to use completely free for their first ten users in the platform. Simply sign up for a free JumpCloud account to get started with your ten complimentary users today. You can also schedule a Directory-as-a-Service demo to see the product in action.

Questions? Comments? Contact us to learn more.

Zach DeMeyer

Zach is a writer and researcher for JumpCloud with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, making music, and soccer.
