Google Authenticator

Scripts to manage certificates or generate config files

Moderators: TinCanTech

odoisneau
OpenVpn Newbie
Posts: 6
Joined: Mon Jan 07, 2013 5:13 pm

Google Authenticator

Post by odoisneau » Mon Jan 07, 2013 5:22 pm

I have installed OpenVPN successfully on an AWS image. I have been able to set up Google Authenticator for SSH login to the server, so I know Google Authenticator works OK.

I went to the as.conf file in /usr/local/openvpn_as/etc/as.conf and added "plugin /usr/lib/openvpn/openvpn-auth-pam.so openvpn"

I then confirmed the openvpn-auth-pam.so file exists:

-rwxr-xr-x 1 root root 15802 Jan 7 14:57 /usr/lib/openvpn/openvpn-auth-pam.so

I also created the /etc/pam.d/openvpn file:

root@qavpn:/usr/local/openvpn_as# cat /etc/pam.d/openvpn
auth required pam_google_authenticator.so


I restarted the VPN client, but I can still log in to the VPN without Google Authenticator. What am I missing?

Thanks,

Olivier


Re: Google Authenticator

Post by odoisneau » Fri Jan 11, 2013 3:59 pm

I finally resolved this issue.

I did the install as per the docs and AWS and had everything working ok.

I downloaded the google-authenticator as per the docs.

I then downloaded the TAR file of the openvpn installation. This allowed me to create the /usr/lib/openvpn/openvpn-auth-pam.so file.

I then entered in the as.conf:

plugin /usr/lib/openvpn/openvpn-auth-pam.so /etc/pam.d/openvpnas

and in the openvpnas file I commented out all the lines that started with @ and added the following at the end of the file:

auth requisite pam_google_authenticator.so forward_pass
auth required pam_unix.so use_first_pass
account required pam_permit.so

This is a rough listing of notes but I hope it saves someone time.
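The PAM stack in the post above, modelled as an added example that is not part of the original post and is not pam_google_authenticator's own code: with forward_pass the user types the password and the six-digit code together in the single password field, the code is checked first (requisite), and the remaining text goes to pam_unix via use_first_pass. The function names, the password "hunter2", the RFC 6238 test key used as the secret, and the one-step clock-skew allowance are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import struct

def totp(secret_b32, unix_time, step=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1 over the 30-second time counter."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", int(unix_time) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def split_forward_pass(entered, digits=6):
    """Model of forward_pass: the trailing digits are the code, the rest the password."""
    code = entered[-digits:]
    if len(entered) <= digits or not (code.isascii() and code.isdigit()):
        return None
    return entered[:-digits], code

def authenticate(entered, secret_b32, unix_password, now, skew_steps=1):
    """Simulate the two auth lines: requisite TOTP check, then required password check."""
    parts = split_forward_pass(entered)
    if parts is None:
        return "denied: no verification code"
    password, code = parts
    # Assumption: accept the previous, current and next time step.
    candidates = [totp(secret_b32, now + d * 30)
                  for d in range(-skew_steps, skew_steps + 1)]
    if not any(hmac.compare_digest(code, c) for c in candidates):
        return "denied: bad code"  # requisite: the stack stops here
    # Stand-in for pam_unix.so use_first_pass, which reuses the forwarded password.
    if not hmac.compare_digest(password.encode(), unix_password.encode()):
        return "denied: bad password"
    return "granted"

# Constructed sample data: the RFC 6238 SHA-1 test key, base32-encoded the way
# an authenticator secret is stored.
SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    now = 59  # RFC 6238 test time; the six-digit code at this time is 287082
    for attempt in ("hunter2" + totp(SECRET, now), "hunter2", "wrong" + totp(SECRET, now)):
        print(repr(attempt), "->", authenticate(attempt, SECRET, "hunter2", now))
```
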
