How to Enforce Multi-Factor Authentication on VPN

UTunnel provides users with multi-factor authentication (MFA) for secure access to VPN servers. Server owners or admins can enforce MFA on VPN servers, allowing VPN access to MFA-enabled users only, while denying access to others. 

Users without MFA enabled in their UTunnel account will need to enable it from their web dashboard before connecting to MFA-enforced servers. This additional security layer enhances protection for your VPN server.

Note that authenticated VPN sessions must be enabled on the server before MFA can be enforced. Only then are users re-authenticated when connecting to the VPN server, in addition to the initial login authentication.

This guide describes how to enforce multi-factor authentication on a VPN server from the UTunnel web console.

1. Log in to your UTunnel account and navigate to the Server tab.

2. Click on the server on which you want to enable multi-factor authentication.

3. From the Server Overview page, navigate to the Settings section on the left side menu.

4. Navigate to the General section on the left side menu, tick the Enable authenticated sessions option if it’s not already enabled, and then tick the Enforce Multi-Factor Authentication option. Click the SAVE CHANGES button to save the changes.

5. Because the server settings have changed, the UTunnel service needs to be restarted for the changes to take effect. Click the APPLY button to initiate the service restart.
If you are using an integrated cloud VPN server, the service restart is initiated automatically. For an on-premise server, you have to restart the service manually.

After the service restart is finished, a user attempting to connect to this VPN server from a client device is granted access only after entering the MFA OTP (One-Time Password).
