Yes, thatās correct, our configuration file uses both radius_server_auto with Duo_only_client, but we are using passwords for authentication, not certificates. To test I have tried using sms, push, a passcode, or yubikey output in the password field,...
My company currently has duo integrated with AWS Client VPN endpoint (we followed the doc above, using radius_server_auto) and we are testing the use of yubikeys integrated with duo as a means for 2FA. Iām experiencing the same situation as @pwallace...