In this section, we will provide some background information on cryptographic hardware devices. You will learn how to generate a private key on a hardware token and how to copy the associated X.509 certificate to the same token. After that, we will discuss how OpenVPN can find and use this certificate/private key pair to establish a VPN connection.
Starting with version 2.1, OpenVPN supports two-factor authentication by providing PKCS#11 support. Two-factor authentication is based on the idea that, in order to use a system (such as a VPN), you need to provide two things:
Something you know, for example, a password
Something you possess, for example, a smart card or hardware token
PKCS#11 is an industry standard for communicating with smart cards or hardware tokens, and there are both open source and commercial drivers available. The PKCS#11 standard was originally published by RSA Laboratories and is sometimes also...