Adding 2FA to WireGuard
nico.schottelius at ungleich.ch
Fri Sep 13 15:22:55 CEST 2019
Rémi Lapeyre <remi.lapeyre at lenstra.fr> writes:
> Hi Nico, yes pyotp is the implementation I use on the server, but anything
> compatible with RFC 6238 should work.
That sounds about right!
>> We have written ungleich-otp that extends the otp approach with
>> realms similar to Kerberos.
> This looks interesting, I will move the code that validates the OTP in a
> separate class so that another validation backend like one based on this
> project can be used instead of reading the seeds from a SQLite file like
> I’m doing now.
> I did not see any kind of cool down in
> Are you not worried that someone
> could try to brute-force the OTP validation?
That is a good point! We will certainly want to fix that, as the seed
entropy is not *that* big.
Your Swiss, Open Source and IPv6 Virtual Machine. Now on www.datacenterlight.ch.
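
The cool-down raised in this thread, sketched as an added example; it is not part of the original message and is not code from ungleich-otp or the WireGuard 2FA project. It assumes a hypothetical `ThrottledValidator` backend with illustrative parameters, and uses a standard-library RFC 6238 routine in place of pyotp so it runs without dependencies.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)

def totp(seed: bytes, t: float, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time t, written with the stdlib only."""
    mac = hmac.new(seed, struct.pack(">Q", int(t) // STEP), hashlib.sha1).digest()
    off = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class ThrottledValidator:
    """Hypothetical validation backend: TOTP check with a per-user cool-down."""

    def __init__(self, seeds, free_attempts=3, base_delay=30, max_delay=3600):
        self.seeds = seeds                  # user -> seed bytes
        self.free_attempts = free_attempts  # failures tolerated before locking
        self.base_delay = base_delay        # first lock duration in seconds
        self.max_delay = max_delay          # cap for the doubling delay
        self.failures = {}                  # user -> consecutive failures
        self.locked_until = {}              # user -> Unix time the lock ends
        self.last_step = {}                 # user -> last accepted time step

    def verify(self, user: str, code: str, now: float) -> str:
        # During a cool-down the code is not even compared, so guesses made
        # while locked tell the client nothing about their correctness.
        if now < self.locked_until.get(user, 0):
            return "locked"
        seed = self.seeds.get(user)
        current = int(now) // STEP
        if seed is not None:
            # Accept the current and previous step (clock drift), but never a
            # step at or before the last accepted one (replay protection).
            for step in (current, current - 1):
                fresh = step > self.last_step.get(user, -1)
                expected = totp(seed, step * STEP).encode() if fresh else b""
                if fresh and hmac.compare_digest(expected, code.encode()):
                    self.last_step[user] = step
                    self.failures.pop(user, None)
                    return "ok"
        # Unknown users are counted too, so responses do not reveal who exists.
        n = self.failures[user] = self.failures.get(user, 0) + 1
        if n >= self.free_attempts:
            delay = self.base_delay * 2 ** (n - self.free_attempts)
            self.locked_until[user] = now + min(delay, self.max_delay)
        return "denied"
```

With these defaults a client gets three guesses, then waits 30 s, 60 s, 120 s and so on up to an hour per further guess, which bounds how much of the six-digit code space can be tried per day.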