Setting Up OpenOTP With Citrix Gateway

After many, many years of recommending two-factor authentication to customers for their Citrix Gateways, I finally got round to setting it up again on my home test lab.

For quite a while I used the free SMS2 when it was first created by Steven Wright and even went as far as setting up a highly available configuration. But time, or the lack of it, coupled with a complete rebuild of my home lab, meant that I just didn’t re-implement it. So for the past year or so I’ve been running without 2FA on my Citrix Gateway, which is a little bit hypocritical!

When I looked around for a free two-factor solution again I came across OpenOTP from RCDevs and thought I’d give it a go. The fact that it’s based on CentOS also piqued my interest, as did the fact that they have a virtual appliance, which makes life a whole lot quicker.

Setting it up was pretty straightforward, and from a Citrix Gateway perspective it was just another RADIUS solution to authenticate with.

So far, the only issue I’ve had was getting the autostart order right on my ESXi host.  I stupidly brought up the OpenOTP appliance before my Domain Controller which meant that it failed to contact AD and I was denied access through the gateway.  A quick autostart change and now my core environment comes up in the right order when I wake my ESXi host and all works smoothly.

I’ll put together a wiki page for the installation when I get a chance and also try out setting up an HA configuration, but if you want to try it out, head over to RCDevs and download the appliance.
