Hi everyone, is there a way for the OpenVPN Access Server to use the private Google Authenticator, or can the AS Google Authenticator be called on other systems?
Because we have multiple systems that need to use Google Authenticator.
Thanks very much!!!!
is there a way to use the private Google Authenticator
-
- OpenVpn Newbie
- Posts: 5
- Joined: Sat Jun 05, 2021 10:30 am
-
- OpenVpn Newbie
- Posts: 5
- Joined: Sat Jun 05, 2021 10:30 am
Re: is there a way to use the private Google Authenticator
I found a way to use post-auth.
But using the official test script, https://swupdate.openvpn.net/scripts/pascrs.py, the test was not successful.
AUTH_NULL has been set to True, but the login can still be successful, and there is no prompt to enter the year.
Can any kind person tell me where I am wrong?
Code:
./sacli -k auth.module.post-auth_script --value_file=/usr/local/openvpn_as/scripts/pascrs.py ConfigPut
[True, {}]
./sacli start
RunStart warm None
{
  "errors": {},
  "last_restarted": "Sun Jun 6 10:44:44 2021",
  "service_status": {
    "api": "on",
    "auth": "on",
    "bridge": "on",
    "client_query": "on",
    "crl": "on",
    "daemon_pre": "on",
    "db_push": "on",
    "ip6tables_live": "on",
    "ip6tables_openvpn": "on",
    "iptables_live": "on",
    "iptables_openvpn": "on",
    "iptables_web": "on",
    "log": "on",
    "openvpn_0": "on",
    "openvpn_1": "on",
    "openvpn_2": "on",
    "openvpn_3": "on",
    "subscription": "on",
    "user": "on",
    "web": "on"
  }
}
-
- OpenVPN Power User
- Posts: 156
- Joined: Thu Mar 28, 2013 8:31 am
Re: is there a way to use the private Google Authenticator
You can have OpenVPN AS assign its own Google Authenticator/TOTP passcodes by following this document:
https://openvpn.net/vpn-server-resource ... ntication/
Most TOTP apps such as Google Authenticator allow for enrolling multiple different TOTP passcodes. I recommend taking advantage of that to have different TOTP passcodes per system when possible.
Also, if you have allowed the users to generate auto-login certificates then the pascrs script will be skipped. Try revoking the user certificate to force them to download a new certificate and client profile.
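The per-system enrollment recommended in the reply above, as an added example that is not part of the original posts or OpenVPN's own code: a minimal RFC 6238 verifier in which each system holds its own secret, so a code issued for one system is useless on another. The class name, user name and secrets are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct


def totp(secret_b32, unix_time, step=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1, the scheme Google Authenticator uses."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", int(unix_time) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class TotpVerifier:
    """Hypothetical verifier: one instance per system, one secret per user."""

    def __init__(self, secrets_by_user, window=1, step=30):
        self.secrets = secrets_by_user
        self.window = window      # accepted clock drift, in time steps
        self.step = step
        self.last_counter = {}    # user -> last accepted step (replay guard)

    def verify(self, user, code, unix_time):
        secret = self.secrets.get(user)
        if secret is None:
            return False
        now = int(unix_time) // self.step
        for counter in range(max(0, now - self.window), now + self.window + 1):
            expected = totp(secret, counter * self.step, self.step)
            # Constant-time comparison avoids leaking matching digits.
            if hmac.compare_digest(expected.encode(), str(code).encode()):
                if counter <= self.last_counter.get(user, -1):
                    return False  # same or older code presented again
                self.last_counter[user] = counter
                return True
        return False


# Constructed sample secrets: the first is the RFC 6238 test key.
VPN_SECRET = base64.b32encode(b"12345678901234567890").decode()
OTHER_SECRET = base64.b32encode(b"another-system-key!!").decode()
vpn = TotpVerifier({"alice": VPN_SECRET})
other = TotpVerifier({"alice": OTHER_SECRET})

if __name__ == "__main__":
    code = totp(VPN_SECRET, 59)
    print(code, vpn.verify("alice", code, 59), other.verify("alice", code, 59))
```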
-
- OpenVpn Newbie
- Posts: 5
- Joined: Sat Jun 05, 2021 10:30 am
Re: is there a way to use the private Google Authenticator
Thanks for replying, my problem has been solved.
chilinux wrote: Sun Jun 06, 2021 8:58 am
You can have OpenVPN AS assign its own Google Authenticator/TOTP passcodes by following this document:
https://openvpn.net/vpn-server-resource ... ntication/
Most TOTP apps such as Google Authenticator allow for enrolling multiple different TOTP passcodes. I recommend taking advantage of that to have different TOTP passcodes per system when possible.
Also, if you have allowed the users to generate auto-login certificates then the pascrs script will be skipped. Try revoking the user certificate to force them to download a new certificate and client profile.