Hi,
I run a (private) network consisting of meanwhile 8 OpenWrt based Wireguard servers.
My question is whether it is intended to equip OpenWRT with a module for 2-factor authentication at login. (Or have I just not found this module so far?)
I am looking forward to goal-oriented answers.
(And please excuse my "DeepL-English". Unfortunately I only speak German).
Of course, all my connections (between the 8 servers and together 48 clients) each have their own PSK in addition to their keys.
I am not concerned with the connection between the WG servers or the clients to their assigned server.
I am concerned with secure access as root on the GUI of my widely distributed servers. Of course the WG servers are always with reliable and trusted people to me and of course they have a good password for this access. But I consider a 2FA for such security critical applications as timely and necessary. (This is NOT meant to be a criticism of OpenWrt! Just a wish).
And: I am unfortunately not able to develop an add-on there myself.
This is something I need to look into more. Thanks for pointing that out.
Yes, I am very well aware of such tricks. But this is too "overdressed" for me.
I mean, even my little Seafile server on the RaspberryPi and my "german Fritz Box" and already many websites (like the one of this forum!) offer a 2FA with an authenticator.
I'm sure someday a developer will build that directly into OpenWrt as an installable add-on. Want to bet?
My wireguard servers are of course only accessible through my VPN. So they are not "free on the internet". And it is a purely private and non-commercial VPN. The friends who run the servers at their place only use a FritzBox or another home router. Only mine uses an OPNsense.
I know I'm always exaggerating a bit about IT security. After all, this was my job for many years ... .