OpenOTP MFA-VPN: solution for secure remote access

OpenOTP MFA-VPN

MFA-VPN Server (VPN server with OTP)

RCDevs MFA-VPN is an Enterprise-grade VPN appliance designed for companies needing remote access to corporate networks and resources.

The RCDevs MFA-VPN client offers smooth VPN access for both Windows and MacOSX users, simplifying the process significantly.

In just a few steps, administrators can enable VPN access effortlessly by creating an access group in Active Directory and establishing a dedicated Client access policy.

Notably, this VPN MFA solution is also compatible with FIDO2, ensuring advanced security measures alongside convenience for secure remote connectivity. It includes multi-factor features like mobile Push login and many more.

MFA-VPN relies on your WebADM/OpenOTP Identity Management platform and also supports any MFA login methods provided by the OpenOTP server.

RCDevs helps you

Secure your VPN endpoint

Solution

OpenOTP-VPN
The RCDevs MFA-VPN client delivers streamlined, secure VPN access for both Windows and macOS environments, offering robust multi-factor authentication (MFA) integration for enhanced security. This client simplifies the VPN setup process by leveraging existing Active Directory (AD) infrastructure, reducing the need for complex configurations.

Administrators can effortlessly configure VPN access in just a few steps. By creating a specific access group in Active Directory, user memberships can be managed directly within the organization’s identity management framework. Next, a dedicated Client Access Policy is defined within the RCDevs WebADM or other policy management system, allowing for precise control over who can connect to the VPN and under what conditions. The Client Access Policy integrates seamlessly with RCDevs’ MFA solution, enforcing strong, multi-factor authentication for all VPN users, adding a critical security layer.

Once the policy is in place, administrators can manage user access centrally and adjust policies as needed for groups or individuals. The MFA-VPN client is compatible with multiple protocols like OpenVPN, IPSec, and SSTP, making it adaptable to different network environments. By supporting multiple authentication mechanisms, such as OTP tokens, SMS, or push notifications, RCDevs ensures maximum flexibility in MFA deployment.

This integration results in a highly efficient, secure, and user-friendly VPN solution for organizations that require secure remote access without compromising security or increasing administrative overhead.

Overview

Mobile Push with Simple Approve/Deny
MFA-VPN supports the OpenOTP’s Simple Push feature (OpenOTP Token required) where the user’s mobile phone is activated on-the-fly when the user starts the VPN connection. The VPN login transactions are displayed on the mobile phone and the user just needs to press ‘Approve’ to authenticate the remote connection. RCDevs mobile Push can be combined with other OpenOTP authentication methods like SMS or Hardware Token for fallback mechanisms.
Graphical Access Policies with WebADM
Defining your remote access policies has never been so simple: create access groups and client policies in RCDevs WebADM and your VPN server will implement user access with an unbeatable level of flexibility. WebADM client policies support group, domain, time and even geolocation-based access control. The WebADM audit provides full user activity reports with geolocation information.

Integrations

Two OPEN-VPN Integration options

If you are already using OpenVPN in your infrastructure or are looking to deploy a new VPN server, RCDevs offers flexible solutions tailored to your needs, with two distinct deployment options for integrating MFA into your VPN environment.
Option 1: Deploy a New VPN Server
RCDevs’ MFA-VPN solution functions as a full-featured Enterprise VPN server, built on OpenVPN technology and tightly integrated with RCDevs' advanced multi-factor authentication (MFA) components. This option provides a comprehensive, out-of-the-box solution available as Linux installation packages or as a pre-configured Virtual Appliance. This makes it easy to deploy and manage while ensuring robust security for remote access.
Option 2: Extend an Existing OpenVPN Server
If you already have an OpenVPN server in place, RCDevs offers the OpenVPN Bridge, a companion software service that seamlessly integrates with your current infrastructure. The OpenVPN Bridge adds the necessary MFA components to your existing setup, enabling secure interactions with RCDevs' OpenOTP back-end. This provides all the benefits of RCDevs' multi-factor authentication without requiring you to replace your existing VPN infrastructure.

How to

Instructions for how to configure OpenOTP MFA-VPN Server.

See how simple it is to use OpenOTP MFA-VPN:

Unified IAM Federation

Native IAM Integration

OpenOTP is compatible with local directories such as Active Directory (AD) and LDAP, providing extensive support for on-premise environments. Additionally, it is natively integrated with EntraID, Okta, Google, Ping Identity, One Identity, and many other identity providers, enabling simple integration across diverse IAM systems.

Choose the right method

Authentication Methods

RCDevs’ IAM-MFA solutions are compatible
with Strong Authentication Technologies

A robust solution should support modern methods such as Push Notifications, FIDO2/Passkeys, YubiKeys and traditional SMS, email, and OTP. Support varies by integration (RADIUS, SAML/OIDC, desktop), client/device capabilities, and policy, meaning not every method is supported for every application.

SEEING
IS BELIEVING

Whether you are buying a car or a security solution, you always want to test drive it before signing on the dotted line. We know this and you know this.

Contact us for your Free PoC or check it out for yourself.

Europe (Headquarters)
1 Boulevard du Jazz
4370 Esch-sur-Alzette
Luxembourg
United States (Office)
2415 Third Street, Suite 231
San Francisco, CA 94107
United States
© 2025 RCDevs Security SA. All Rights Reserved
EN
FR DE EN