Setting Up OpenOTP With Citrix Gateway
After many, many years of recommending two-factor authentication to customers for their Citrix Gateways, I finally got round to setting it up again on my home test lab.
For quite a while I used the free SMS2 when it was first created by Steven Wright and even went as far as setting up a highly available configuration. But time, or the lack of it, coupled with a complete rebuild of my home lab, meant that I just didn’t re-implement it. So for the past year or so I’ve been running without 2FA on my Citrix Gateway, which is a little bit hypocritical!
When I looked around for a free two-factor solution again I came across OpenOTP from RCDevs and thought I’d give it a go. The fact that it’s based on CentOS also piqued my interest, as did the fact that they have a virtual appliance, which makes life a whole lot quicker.
Setting it up was pretty straightforward, and from a Citrix Gateway perspective it was just another RADIUS solution to authenticate with.
So far, the only issue I’ve had was getting the autostart order right on my ESXi host. I stupidly brought up the OpenOTP appliance before my Domain Controller, which meant that it failed to contact AD and I was denied access through the gateway. A quick autostart change and now my core environment comes up in the right order when I wake my ESXi host and all works smoothly.
I’ll put together a wiki page for the installation when I get a chance and also try out setting up an HA configuration, but if you want to try it out, head over to RCDevs and download the appliance.