Hello all
I've been trying to search the forum and the "interwebs" for the same problem but couldn't find anything. If I missed a post with the same problem, please just point me to it. I'm really into RTFM before I start bothering people.
I have set up OpenVPN AS and activated Google Authenticator, locked the account, but I can still log in without using the Google Auth code, i.e. OpenVPN AS is not really enforcing Google Auth and still lets me connect.
Thanks in advance,
Nuno
This is what I see in the logs when I authenticate:
2015-05-04 09:10:41+0000 [-] OVPN 0 OUT: 'Mon May 4 09:10:41 2015 TCP connection established with [AF_INET]xxx.xxx.xxx.xxx:59360'
2015-05-04 09:10:42+0000 [-] OVPN 0 OUT: 'Mon May 4 09:10:42 2015 xxx.xxx.xxx.xxx:59360 TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:59360, sid=dd10d530 81da9d2d'
2015-05-04 09:10:42+0000 [-] OVPN 0 OUT: 'Mon May 4 09:10:42 2015 xxx.xxx.xxx.xxx:59360 VERIFY OK: depth=1, /CN=OpenVPN CA'
2015-05-04 09:10:42+0000 [-] OVPN 0 OUT: 'Mon May 4 09:10:42 2015 xxx.xxx.xxx.xxx:59360 VERIFY OK: nsCertType=CLIENT'
2015-05-04 09:10:42+0000 [-] OVPN 0 OUT: 'Mon May 4 09:10:42 2015 xxx.xxx.xxx.xxx:59360 VERIFY OK: depth=0, /CN=nabrantes'
2015-05-04 09:10:43+0000 [-] OVPN 0 OUT: 'Mon May 4 09:10:43 2015 xxx.xxx.xxx.xxx:59360 peer info: IV_VER=2.3_ASC12f'
2015-05-04 09:10:43+0000 [-] OVPN 0 OUT: 'Mon May 4 09:10:43 2015 xxx.xxx.xxx.xxx:59360 peer info: IV_PLAT=mac'
2015-05-04 09:10:43+0000 [-] OVPN 0 OUT: 'Mon May 4 09:10:43 2015 xxx.xxx.xxx.xxx:59360 peer info: IV_HWADDR=xx:xx:xx:xx:xx:xx'
2015-05-04 09:10:43+0000 [-] OVPN 0 OUT: 'Mon May 4 09:10:43 2015 xxx.xxx.xxx.xxx:59360 peer info: IV_SSL=OpenSSL_1.0.2a_19_Mar_2015'
2015-05-04 09:10:43+0000 [-] OVPN 0 OUT: 'Mon May 4 09:10:43 2015 xxx.xxx.xxx.xxx:59360 peer info: UV_ASCLI_VER=2.0.14.200'
2015-05-04 09:10:43+0000 [-] OVPN 0 OUT: 'Mon May 4 09:10:43 2015 xxx.xxx.xxx.xxx:59360 peer info: UV_PLAT_REL=14.3.0'
2015-05-04 09:10:43+0000 [-] AUTH SUCCESS {'status': 0, 'session_id': '[redacted]', 'reason': 'SESSION_ID auth succeeded', 'serial_list': [], 'user': 'nabrantes', 'proplist': {u'pvt_google_auth_secret_locked': u'true', u'prop_autogenerate': u'true', 'prop_deny': 'false', u'pvt_google_auth_secret': '[redacted]', u'type': u'user_compile', u'prop_superuser': u'true'}, 'common_name': u'nabrantes', 'serial': '2'} cli=u'mac'/u'2.3_ASC12f'
2015-05-04 09:10:43+0000 [-] OVPN 0 OUT: "Mon May 4 09:10:43 2015 MANAGEMENT: CMD 'client-auth 120 0'"
2015-05-04 09:10:43+0000 [-] OVPN 0 OUT: 'Mon May 4 09:10:43 2015 xxx.xxx.xxx.xxx:59360 Control Channel: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA'
2015-05-04 09:10:43+0000 [-] OVPN 0 OUT: 'Mon May 4 09:10:43 2015 xxx.xxx.xxx.xxx:59360 [nabrantes] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:59360'
2015-05-04 09:10:43+0000 [-] OVPN 0 OUT: 'Mon May 4 09:10:43 2015 nabrantes/xxx.xxx.xxx.xxx:59360 OPTIONS IMPORT: compression parms modified'
2015-05-04 09:10:43+0000 [-] OVPN 0 OUT: 'Mon May 4 09:10:43 2015 nabrantes/xxx.xxx.xxx.xxx:59360 MULTI: Learn: 172.27.224.5 -> nabrantes/xxx.xxx.xxx.xxx:59360'
2015-05-04 09:10:43+0000 [-] OVPN 0 OUT: 'Mon May 4 09:10:43 2015 nabrantes/xxx.xxx.xxx.xxx:59360 MULTI: primary virtual IP for nabrantes/xxx.xxx.xxx.xxx:59360: 172.27.224.5'
2015-05-04 09:10:45+0000 [-] OVPN 0 OUT: 'Mon May 4 09:10:45 2015 nabrantes/xxx.xxx.xxx.xxx:59360 send_push_reply(): safe_cap=940'
Google auth not enforced
Re: Google auth not enforced
Hi - I am having the same problem. I can continue to connect and am never prompted for the GA code.
I have enabled the option in "Client Settings" > "Configure Google Authenticator support" > "Require that users provide a Google Authenticator one-time password for every VPN login"
Re: Google auth not enforced
I'm also having the same problem. It displays the Google Authenticator information in the client web UI and the QR code works, but there doesn't seem to be any actual requirement to use the Authenticator to log in.
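For the AUTH SUCCESS record in the first post's log, an added example (not written by any poster and not OpenVPN code): a Python audit that parses such records and lists successful logins for accounts that hold a Google Authenticator secret, together with the reason string that accepted each login. The sample log is constructed in the format shown above, and the function names are made up for this example.

```python
import ast

# Constructed sample in the format of the log above; secrets, session id
# and the second "reason" string are placeholders, not real server output.
SAMPLE_LOG = """\
2015-05-04 09:10:42+0000 [-] OVPN 0 OUT: 'Mon May 4 09:10:42 2015 VERIFY OK: depth=0, /CN=alice'
2015-05-04 09:10:43+0000 [-] AUTH SUCCESS {'status': 0, 'session_id': 'PLACEHOLDER', 'reason': 'SESSION_ID auth succeeded', 'user': 'alice', 'proplist': {u'pvt_google_auth_secret_locked': u'true', u'pvt_google_auth_secret': 'PLACEHOLDER', u'prop_superuser': u'true'}, 'common_name': u'alice'} cli=u'mac'/u'2.3_ASC12f'
2015-05-04 09:12:01+0000 [-] AUTH SUCCESS {'status': 0, 'reason': 'constructed reason', 'user': 'bob', 'proplist': {'prop_deny': 'false'}, 'common_name': u'bob'} cli=u'win'/u'2.3'
"""


def extract_record(line):
    """Return the dict printed after 'AUTH SUCCESS', or None if absent/unparseable."""
    marker = "AUTH SUCCESS "
    start = line.find(marker)
    if start < 0:
        return None
    start += len(marker)
    # The record is a Python dict repr followed by other text (cli=...), so try
    # each closing brace until the slice parses as a complete literal.
    for end, ch in enumerate(line):
        if ch != "}" or end < start:
            continue
        try:
            rec = ast.literal_eval(line[start:end + 1])
        except (ValueError, SyntaxError, TypeError):
            continue
        return rec if isinstance(rec, dict) else None
    return None


def audit(log_text):
    """List successful logins for accounts that hold a Google Authenticator secret."""
    findings = []
    for line in log_text.splitlines():
        rec = extract_record(line)
        props = rec.get("proplist", {}) if rec else {}
        if "pvt_google_auth_secret" not in props:
            continue
        # Report only non-sensitive fields: never echo the secret or session id.
        findings.append({
            "time": line.split(" [", 1)[0],
            "user": rec.get("user"),
            "reason": rec.get("reason"),
            "secret_locked": props.get("pvt_google_auth_secret_locked") == "true",
        })
    return findings
```

Calling `audit()` on the text of a server log returns one entry per matching login; on the constructed sample it returns a single entry for `alice` with reason `SESSION_ID auth succeeded`.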