I am running openvpn3 with the dco module enabled, as per instructions. When I run it on a vanilla install of Linux Mint (kernel 5.4) it works perfectly. However, when I run it on Linux Mint Edge (kernel v 5.11) it hangs right before the 2FA prompt, but otherwise doesn't throw any errors. If I tell it --dco false the connection is able to complete, just without 2FA of course.
Can anyone help me figure out why the kernel difference would be causing this? Do I need to re-compile the dco module against the 5.11 kernel?
DCO Breaking 2FA?
Moderators: TinCanTech
Forum rules
Please report your experience with testing branch. Include what you were using and how
If there is a problem, the more info the better!
- dazo
- OpenVPN Inc.
- Posts: 155
- Joined: Mon Jan 11, 2010 10:14 am
- Location: dazo :: #openvpn-devel @ libera.chat
Re: DCO Breaking 2FA?
Which version of OpenVPN 3 Linux are you running? The latest v16_beta should include some fixes to the 2FA authentication. We don't fully understand how enabling DCO should change any behaviour in regards to 2FA auth. 2FA is not involved with the OpenVPN data channel. All authentication happens via the OpenVPN control channel, and these packets should just be passed on to the VPN client process in user space directly.
The kernel module is always required to be rebuilt against newer kernels, as that's how kernel modules behave. Kernel modules have a strict 1:1 relation on the version the module is compiled against and the currently running kernel. That is not something we can change.
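Added example, not part of the reply above and not OpenVPN project code: a shell check that an installed kernel module was built for the running kernel, by comparing the first field of its `vermagic` string with the kernel release. The module name is supplied by the caller (an assumption; use whatever name your DCO package installed), and the function names are hypothetical.

```shell
# Added example (not OpenVPN project code). Functions only; nothing runs on load.

# Print the kernel release a module was built for: the first field of its
# vermagic string, e.g. "5.4.0-74-generic SMP mod_unload modversions".
vermagic_release() {
    printf '%s\n' "${1%% *}"
}

# Succeed only if the vermagic string names exactly the given kernel release.
module_matches_kernel() {
    [ -n "$1" ] && [ "$(vermagic_release "$1")" = "$2" ]
}

# check_module NAME [RELEASE]
# NAME is the module name your DCO package installed (assumption: the caller
# supplies it). RELEASE defaults to the running kernel.
# Returns 0 = built for this kernel, 1 = built for another kernel,
# 2 = no build installed for this kernel (typical after a kernel upgrade).
check_module() {
    mod=$1
    rel=${2:-$(uname -r)}
    if ! vm=$(modinfo -k "$rel" -F vermagic "$mod" 2>/dev/null); then
        echo "$mod: no build installed for kernel $rel, rebuild required"
        return 2
    fi
    if module_matches_kernel "$vm" "$rel"; then
        echo "$mod: built for running kernel $rel"
        return 0
    fi
    echo "$mod: built for $(vermagic_release "$vm"), kernel is $rel, rebuild required"
    return 1
}
```

Run `check_module <module-name>` after a kernel upgrade; a return of 1 or 2 means the module has to be rebuilt before DCO can be used on that kernel.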