OpenVPN + pam_pgsql + google-authenticator on CentOS 7 part 1

What and why?

We all love OpenVPN, but at the same time we hate how much time it takes to have it deployed nicely and with some higher grade of security.
In this series I will show how to configure OpenVPN with virtual users stored in PostgreSQL, make sure that they use Two-Factor Authentication (using Google-Authenticator app).

At the end of the series, I will also go through process of automation this whole thing, to be deployable in minutes using Ansible.


  1. Create certificates
  2. Install OpenVPN
  3. Install dependencies (google-authenticator and pam-pgsql)
  4. Install PostgreSQL
  5. Setup database, user and tables.
  6. Configure PAM
  7. Configure Google-authenticator
  8. Configure Control Panel (this needs to be written first)
  9. Setup user account
  10. Configure Client (Mac OS X)
  11. Test
  12. Automate using Ansible


Grzegorz Dzień

Leave a Reply

Your email address will not be published. Required fields are marked *