2-factor auth options

David Woodhouse dwmw2 at infradead.org
Fri Sep 22 00:18:41 CEST 2017

On Thu, 2017-09-21 at 15:21 -0400, Konstantin Ryabitsev wrote:
> Hello, all:
> Is there any mechanism to add some kind of 2-factor authentication
> mechanism either via:
> a. additional prompting for a HOTP/TOTP key sequence similar to how
> openvpn allows doing auth-user-pass in addition to certificate-based
> authentication

Remember things like Yubikeys can do [HT]OTP in hardware. Not as HID
but actually generating the OTP on demand via PCSC.

> b. some way to use PGP Auth keys with wireguard so that keys stored on
> GnuPG-capable smartcards can be used for establishing a VPN connection.

PKCS#11 might be a better choice than PGP.

> c. (some other means)