Change Details

ocserv allows for multiple authentication factors per session There is an options available for one-time passwords Given that VyOS uses local accounts for ocserv, OTP keys will be generated for these accounts Suggested commands to get started: ``` vyos@vyos# set vpn openconnect authentication mode Possible completions: local Use local username/password configuration local-otp Use local username/password + one time password (OTP) autentication radius Use RADIUS server for user autentication ``` ``` vyos@vyos:~# set vpn openconnect authentication local-users username user2 otp Possible completions: key Token Key Secret key for the token algorithm (see RFC 4226) otp-length Optional. Number of digits in OTP. Default 6 ``` Further functionality can be developed to use different types of OTP

ocserv allows for multiple authentication factors per session There is an options available for one-time passwords Given that VyOS uses local accounts for ocserv, OTP keys will be generated for these accounts Suggested commands to get started: ``` vyos@vyos# set vpn openconnect authentication mode Possible completions: local Use local username/password configuration radius Use RADIUS server for user autentication vyos@vyos# set vpn openconnect authentication mode local password Default. Password-only local authentication otp OTP-only local authentication password-otp Password (first) + OTP local authentication otp-password OTP (first) + Password local authentication ``` ``` vyos@vyos:~# set vpn openconnect authentication local-users username user2 otp Possible completions: key Token Key Secret key for the token algorithm (see RFC 4226) otp-length Optional. Number of digits in OTP. Default 6 ``` Further functionality can be developed to use different types of OTP

ocserv allows for multiple authentication factors per session There is an options available for one-time passwords Given that VyOS uses local accounts for ocserv, OTP keys will be generated for these accounts Suggested commands to get started: ``` vyos@vyos# set vpn openconnect authentication mode Possible completions: local Use local username/password configuration local-otp Use local username/password + one time password (OTP) autradius Use RADIUS server for user autentication vyos@vyos# set vpn openconnect authentication mode local password Default. Password-only local authentication radius Use RADIUS server for user autotp OTP-only local authentication password-otp Password (first) + OTP local authentication otp-password OTP (first) + Password local authentication ``` ``` vyos@vyos:~# set vpn openconnect authentication local-users username user2 otp Possible completions: key Token Key Secret key for the token algorithm (see RFC 4226) otp-length Optional. Number of digits in OTP. Default 6 ``` Further functionality can be developed to use different types of OTP