I'm managing IT for a small nonprofit and need some guidance on setting up a VPN that incorporates two-factor authentication (2FA) in the most cost-effective manner. We're currently using our Unifi Dream Machine's OpenVPN Server, but it looks like it doesn't support 2FA. I'd like to know the easiest and most affordable ways to implement 2FA, especially since I can self-host on Ubuntu Server if necessary. It would be great to integrate it with Entra ID, since we use Microsoft 365, allowing for streamlined user management. We have about 10 users, with no more than 3-4 needing VPN access at the same time. Just to clarify, we use Entra ID but don't have a domain controller (no local Active Directory). If integration with Entra ID isn't feasible, I'd appreciate any suggestions for a secure and simple way to manage user accounts.
5 Answers
Since you’re already with Entra, why not just use their MFA? It’s free, plus you could bypass the VPN altogether by utilizing their remote application proxy along with an MFA conditional access policy.
If you can configure SAML on your Dream Machine, you might be able to leverage Entra’s MFA with that setup.
OpenVPN actually does support 2FA options, such as using certificates, which can even include smartcards along with PINs or passphrases.
Have you checked out Tailscale? They offer good support for multifactor authentication and might be a solid fit for your needs.
Consider using Cloudflare One; it's free for up to 50 users and provides a secure zero-trust framework. It might be more secure than managing a conventional VPN.
