I updated my openvpn package installed using apt on Debian Stretch (currently on 2.4.0-6+deb9u2) to the 2.4.4 that is contained in stretch backports repository.
The update seemed to go fine, with no reported errors.
However, upon testing the actual server connection after the update, the update had broken the Multi Factor Authentication I had had setup using PAM to authenticate using the user password as well as a OTP code generated by google authenticator.
What was strange was that when I went into the log to investigate, I found that it was reporting that /usr/lib/openvpn/openvpn-plugin-auth-pam.so was missing, and I then discovered that the entire /usr/lib/openvpn directory had disappeared as a result of the update, which I thought was very strange.
I thought it would be as simple a fix as copying over the /usr/lib/openvpn directory and its contents from a .img backup I had of my debian installation. Whilst this fixed the missing file problem, the google-authenticator part of the module was no longer working, and authentication was failing every time.
It was not until I commented out
Code: Select all
auth required pam_google_authenticator.so forward_pass