Introduction
In this chapter, we focus on OpenVPN's support for two-factor authentication. Two-factor authentication is based on the idea that, in order to use a system (such as a VPN), you need to provide two things:
something you know, that is, a password
something you possess, that is, a smartcard or hardware token
Starting with version 2.1, OpenVPN supports two-factor authentication by providing PKCS#11 support on Windows, Mac OS X, and Linux. PKCS#11 is an industry standard for communicating with smartcards or hardware tokens, and there are both open source and commercial drivers available. The major difficulty when supporting two-factor authentication is the software support on different platforms. While most hardware token vendors provide drivers for Microsoft Windows, there are far fewer cards and tokens supported on Linux. For this chapter, we have made use of an Aladdin eToken Pro USB hardware token (http://www.aladdin.com), which is well supported on Windows, Mac OS X, and Linux...