I have installed openvpn successfully on an AWS image. I have been able to setup google authenticator for ssh login into the server so I know google authenticator works ok.
I went to the as.conf file in /usr/local/openvpn_as/etc/as.conf and added "plugin /usr/lib/openvpn/openvpn-auth-pam.so openvpn"
I then confirmed the openvpn-auth-pam.so file exists:
-rwxr-xr-x 1 root root 15802 Jan 7 14:57 /usr/lib/openvpn/openvpn-auth-pam.so
I also create the /etc/pam.d/openvpn file
root@qavpn:/usr/local/openvpn_as# cat /etc/pam.d/openvpn
auth required pam_google_authenticator.so
I restarted the vpn client but yet I can still login to the VPN without google authenticator. What am I missing?
Thanks,
Olivier
Google Authenticator
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
-
- OpenVpn Newbie
- Posts: 6
- Joined: Mon Jan 07, 2013 5:13 pm
Re: Google Authenticator
I finally resolved this issue.
I did the install as per the docs and AWS and had everything working ok.
I downloaded the google-authenticator as per the docs.
I then downloaded the TAR file of the openvpn installation. This allowed me to create the /usr/lib/openvpn/openvpn-auth-pam.so file.
I then entered in the as.conf
plugin /usr/lib/openvpn/openvpn-auth-pam.so /etc/pam.d/openvpnas
and to the openvpnas file commented out all the lines that started with @ and added the following at the end of the file:
auth requisite pam_google_authenticator.so forward_pass
auth required pam_unix.so use_first_pass
account required pam_permit.so
This is a rough listing of notes but I hope it saves someone time.
I did the install as per the docs and AWS and had everything working ok.
I downloaded the google-authenticator as per the docs.
I then downloaded the TAR file of the openvpn installation. This allowed me to create the /usr/lib/openvpn/openvpn-auth-pam.so file.
I then entered in the as.conf
plugin /usr/lib/openvpn/openvpn-auth-pam.so /etc/pam.d/openvpnas
and to the openvpnas file commented out all the lines that started with @ and added the following at the end of the file:
auth requisite pam_google_authenticator.so forward_pass
auth required pam_unix.so use_first_pass
account required pam_permit.so
This is a rough listing of notes but I hope it saves someone time.