Hi

On Thu, Jun 3, 2021 at 1:40 PM Gokan Atmaca <linux.go...@gmail.com> wrote:
>
> Hello
>
> I am using Ubuntu server. I am using openvpn as SSL and TLS. PAM auth.
> together... Now I want to use google mfa. I got the following errors
> in the settings I made.
> I can ssh sign with the same 2fa information.
>
>
> What could cause the problem?
>
>
> -% ovpn_srv:
> plugin /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so
> openvpn login USERNAME password PASSWORD pin OTP

That looks right assuming the prompts from the pam module in
/etc/pam.d/openvpn will match "login", "password" and "pin"

>
>
> -% log:
> openvpn(pam_google_authenticator)[3183]: debug: Secret file
> permissions are 0400. Allowed permissions are 0600
> openvpn(pam_google_authenticator)[3183]: debug:
> "/home/thapeex4/.google_authenticator" read
> openvpn(pam_google_authenticator)[3183]: debug: shared secret in
> "/home/thapeex4/.google_authenticator" processed
> openvpn(pam_google_authenticator)[3183]: Did not receive verification
> code from user
> openvpn(pam_google_authenticator)[3183]: Did not receive verification
> code from user
> openvpn(pam_google_authenticator)[3183]: Invalid verification code for
> thapeex4
> openvpn(pam_google_authenticator)[3183]: debug:
> "/home/thapeex4/.google_authenticator" written

Have you checked whether the client is set up to pass the username,
password and pin in the right format? You have to use
--static-challenge in the client config and run the openvpn client
using a UI that supports static challenge. Running from the command
line should work too.

Server logs at verb=4 should have more info -- the above snippets
only show debug messages from the pam module.


Selva


_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
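
An added example, not part of the original thread and not OpenVPN's own code: a simplified Python model of the exchange the reply describes, showing when the OTP prompt is left without an answer. It assumes that a client using `--static-challenge` sends the password field as `SCRV1:base64(password):base64(response)`, and that the plugin answers a PAM prompt when the prompt starts with a configured name (case-insensitive); the prompts, user name and credentials are constructed.

```python
import base64

# Name/value pairs from the server's plugin line quoted in the thread.
PAIRS = [("login", "USERNAME"), ("password", "PASSWORD"), ("pin", "OTP")]

def _b64(text):
    return base64.b64encode(text.encode()).decode()

def build_scrv1(password, otp):
    """Client side: password field sent when a static challenge is used."""
    return "SCRV1:%s:%s" % (_b64(password), _b64(otp))

def split_scrv1(field):
    """Server side: (password, otp); otp is None for a plain password."""
    parts = field.split(":")
    if len(parts) != 3 or parts[0] != "SCRV1":
        return field, None
    try:
        return tuple(base64.b64decode(p, validate=True).decode()
                     for p in parts[1:])
    except (ValueError, UnicodeDecodeError):
        return field, None          # malformed: treat as plain password

def prompt_matches(prompt, name):
    """Assumed matching rule: skip leading non-alphanumerics, then
    compare the start of the prompt with the name, ignoring case."""
    i = 0
    while i < len(prompt) and not prompt[i].isalnum():
        i += 1
    return prompt[i:].lower().startswith(name.lower())

def answer_prompts(prompts, username, password_field, pairs=PAIRS):
    """Map each PAM prompt to the value the plugin would reply with."""
    password, otp = split_scrv1(password_field)
    values = {"USERNAME": username, "PASSWORD": password, "OTP": otp}
    answers = {}
    for prompt in prompts:
        answers[prompt] = None      # None: the PAM module gets no reply
        for name, token in pairs:
            if prompt_matches(prompt, name):
                answers[prompt] = values[token]
                break
    return answers

def unanswered(prompts, username, password_field, pairs=PAIRS):
    """Prompts that would be left without a reply."""
    replies = answer_prompts(prompts, username, password_field, pairs)
    return [p for p, a in replies.items() if a is None]
```

Running `unanswered()` with the prompt text your PAM stack really emits shows whether the name/value pairs on the plugin line cover it and whether the client is sending a challenge response at all.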
