FreeIPA 4.5.4 + OpenVPN 2.4.6 + OTP

How to customize and extend your OpenVPN installation.
Post Reply
l0nedigit
OpenVpn Newbie
Posts: 3
Joined: Tue Nov 06, 2018 3:00 pm

FreeIPA 4.5.4 + OpenVPN 2.4.6 + OTP

Post by l0nedigit » Mon Nov 12, 2018 1:40 pm

Hello everyone,

I'm not sure if I am in the correct forum or not. But, I hope I am. Anyway, I am trying to get OTP to work the openvpn using FreeIPA for user account management. Has anyone ever set this up before?

I have tried a multitude of things with the openvpn pam shared object:
plugin openvpn-plugin-auth-pam.so "openvpn" (combining password+otp in one line)
plugin openvpn-plugin-auth-pam.so "openvpn login USERNAME password PASSWORD" (combining passowrd+otp in one line)
plugin openvpn-plugin-auth-pam.so "openvpn login USERNAME 'First Factor' PASSWORD 'Second Factor' OTP" (setting static-challeng in client.conf)

If I remove otp from the user account, I can login just fine. Just trying to wrap my head around the plugin so that it will work with FreeIPA OTP enabled accounts.


Any help is greatly appreciated.

Post Reply