I have a certificate based OpenVPN configuration w/ the Duo TFA. When on a stable Wifi or wired connection, the VPN operates normally. User supplies “push” in the OpenVPN client and a single notification arrives.
Under spotty WiFi settings (ie. public cafe, airplane, etc.) the VPN tunnel breaks and OpenVPN retries the connection. The problem is that each retry generates a new Duo TFA push request. In some instances, the user does not get the pushes in time and the account becomes locked. Is it possible to cache the Duo TFA used by OpenVPN for some time period preventing the need for multiple approvals?