Hi, I am evaluating VPN with 2FA (w/ TOTP) supports inhouse. Currently, we use openvpn to do static 2FA (w/ shared client certificate), but it's not easy for hundreds of employee scale, and configuration file got leaked easily (actually happened). So this time, we do want to use a solution with less client setup effort. OpenConnect server and client are good starting point, coz openconnect & anyconnect clients all support 2FA. Although multiple factor authentication support is available for ocserv long ago, I can't find docs about how to make static password + totp work for ocserv.Is it possible? Obviously, the current ocserv auth backends don't support such setup. But if I can make client send username, password and 2nd password, I can hack a backend to do password & totp code auth for inhouse use. Anyone can help me out? Regards.
