Hi,
it depends on the user/pass method. If it’s pam compatible, than the easies is
to use auth-pam plugin, which handles user+pass+otp (google auth has pam module)
Other method is to parse the SCRV string in your external program.
Don’t forget to add ’static-challenge "RSA Token" 1’ to the client config!
Cheers,
Tom
p.s.: using dynamic challenges are a bit more complicated and involves using
the management interface az auth
From: Vertigo Altair [mailto:vertigo.alt...@gmail.com]
Sent: Tuesday, April 21, 2020 6:43 PM
To: openvpn-users@lists.sourceforge.net
Subject: [Openvpn-users] Google OTP With auth-user-pass-verify (2FA)
Hi OpenVPN People,
I have a OpenVPN server, in this server, I'm authenticating users with my
external program (via --auth-user-pass-verify option). There is no problem in
this situation.
I want to add Two Factor Auth. with google-authenticator.
I guess the process be like;
A client enters these creds;
username
password + [OTP]
Firstly, my external program checks if username password combination is true
and after google-authenticator checks if one-time-password is true.
How can I achieve this? I tried some cases with Google-Authenticator but I
could only authenticate with adding user to system.)
Thanks..
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
