Protect your Virtual Private Networks


OpenOTP RADIUS Bridge provides the RADIUS RFC-2865 (Remote Authentication Dial-in User Service) API for your OpenOTP server.

With RADIUS Bridge you can integrate a large variety of third-party products and systems with multi-factor authentication. Many Enterprise products and services like Microsoft reverse-proxies, VPNs, Citrix or even VMWare provide support for RADIUS servers for more flexible user authentication.
RCDevs helps you to

Secure your VPN endpoint

RADIUS Bridge supports several password mechanisms to handle a two-factor authentication and by design, some One-Time Password methods like on-demand SMS-OTP work better with a challenge-response mechanism. You can also choose whether the users should be challenged the OTP password after having entered their domain password or should enter the password and the OTP in a concatenated form.

RADIUS Bridge supports single-factor authentication with password-only or OTP-only too. The OpenOTP authentication policies are very flexible and can be configured on a per-client basis in WebADM. Moreover, the client policies can be contextual to the network or geolocation of the users accessing your systems. This flexibility also provides support for integrations where the first factor is handled by your AD servers and the second factor (the OTP) is handled by your OpenOTP server.

RADIUS Bridge provides the RADIUS interface on top of the OpenOTP server. And it is included in your OpenOTP license at no extra charge.
The RADIUS standard is supported by all major security products on the market. You can also implement OpenOTP authentication methods for:
VPN Servers (Checkpoint, Cisco, Nortel, F5, Fortigate, Palo Alto…)
Microsoft DirectAccess VPN
Citrix (Access Gateway, XenApp, Netscaler)
VMWare View
Microsoft Reverse-Proxies (TMG, UAG, 2012 server…)
Enterprise Wifi (Cisco EAP-GTC and EAP-TTLS-PAP)
Radius-enabled Linux services (OpenVPN, Apache…)
And many others…
RADIUS integrations support all OpenOTP features
100% compatible with RADIUS standard (RFC-2865)
Robust implementation buit with FreeRadius
Many integrations including enterprise Wifi
OTP with challenge-response or password concatenation
Supports any RADIUS vendor dictionary
Supports MS Domain-style login names (i.e. Domain\Username)
Supports MS User Principal Names
Supports OpenOTP contextual authentication
Per user and group reply attributes for VPNs (ACL, roles)
Authentication policies per client application or group of users
Bridges all the OpenOTP functionalities (Tokens, Yubikey, SMSOTP, MailOTP…)
Standalone service with no additional OpenOTP configuration required
High performances with hundreds of requests per second
Cluster support with multiple bridges for HA

VPN Authentication with OpenOTP and Radius Bridge

See below the OpenOTP RADIUS architecture diagrams. Scenario one shows a typical OpenOTP integration with an enterprise VPN server. Scenario two includes the WAProxy mobile-to-server communication component which is necessary to enable OpenOTP One-tap login with Approve/ Deny.
VPN Authentication with OpenOTP, Radius Bridge and OTP Challenge
VPN Authentication with OpenOTP, Radius Bridge, WAProxy and Push Token
See how simple it is to use OpenOTP RADIUS Bridge:

Authentication methods

RADIUS Bridge provides Two-Factor authentication with all OpenOTP One-Time Password methods:
Mobile Push
Accept or Deny an Authentication Request
Voice Biometric
Human Voice Authentication
Hardware Tokens
OATH Event, Time and Challenge -based
Software Tokens
OATH Event, Time and Challenge-based, Mobile-OTP (mOTP)
Signed Authentication
FIDO Universal Second Factor (U2F and FIDO2)
Mailbox- Mail and Secure Mail OTP (PIN Mailer) and Mobile Phone- SMS OTP (On-Demand and Prefetched)
Yubikey Tokens
YubiKey Standard, Nano
Printed List
Printed OATH One-Time Password Lists

To request an online demo, you only have to create your account or contact us.

Online Demos are available for free to let you try RCDevs multi-factor in 5 minutes and authenticate with your mobile or Yubikey.