v3 client OTP not working

Official client software for OpenVPN Access Server and OpenVPN Cloud.
ormi
OpenVpn Newbie
Posts: 2
Joined: Fri Sep 24, 2021 12:49 pm

Post by ormi » Thu Jan 27, 2022 1:24 pm

We have OpenVPN server 5.3 hosted on Linux machines. It is connected to our LDAP to fetch users and uses OTP as the second level of authentication.
Clients are using Linux, macOS, Windows.
Linux, macOS and phones are working without problems. The client gives his username/password + OTP and he is connected.
On the OpenVPN Connect v3 client for Windows, it is not working. Version v2 is working but it is quite outdated.
The problem is the line 'static-challenge' in our configuration.
The client asks the user for the OTP, but then it loops and asks him again and again.
It does not initiate the connection at all. We checked the logs on the client as well as the server, and nothing is happening.
When we remove 'static-challenge' from the client configuration, it then tries to connect, but without the OTP the connection is rejected.
Does anyone know any workaround for this?

Notes.
This is supported with two modules:
https://github.com/guywyers/openvpn-auth-ldap
https://github.com/evgeny-gridasov/openvpn-otp
Server version: 2.5.4
Clients version Linux: 2.3 up to 2.5.3
macOS: Thunderclick
Windows: OpenVPN Connect v3
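
Added example, not part of the original post: with `static-challenge` set, an OpenVPN client sends the OTP inside the password field as `SCRV1:<base64 password>:<base64 response>` (the format given in OpenVPN's management interface notes). This Python sketch shows how a server-side auth hook could check whether a client actually delivered that field, without logging the secrets; the function names and sample values are hypothetical and constructed for illustration.

```python
import base64
import binascii


def parse_static_challenge(password_field):
    """Split the password field seen by an auth hook into (password, otp).

    Returns (password_field, None) when the client sent no SCRV1 wrapper,
    i.e. it did not answer a static challenge.
    """
    if not password_field.startswith("SCRV1:"):
        return password_field, None
    parts = password_field.split(":")
    if len(parts) != 3:
        raise ValueError("malformed SCRV1 field")
    try:
        password = base64.b64decode(parts[1], validate=True).decode("utf-8")
        otp = base64.b64decode(parts[2], validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("malformed SCRV1 field") from exc
    return password, otp


def describe(password_field):
    """Return a log-safe summary: never includes the password or the OTP."""
    _, otp = parse_static_challenge(password_field)
    if otp is None:
        return "no static-challenge response in password field"
    return (f"static-challenge response present: "
            f"otp_len={len(otp)} digits_only={otp.isdigit()}")


def build_sample(password, otp):
    """Build a constructed SCRV1 field the way a client would encode it."""
    enc = lambda s: base64.b64encode(s.encode("utf-8")).decode("ascii")
    return f"SCRV1:{enc(password)}:{enc(otp)}"


if __name__ == "__main__":
    # Constructed sample values, not taken from any real system.
    sample = build_sample("correct horse", "123456")
    print(describe(sample))
    print(describe("plain-password-only"))
```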


Re: v3 client OTP not working

Post by ormi » Tue Feb 01, 2022 9:00 am

After many attempts, I managed to find a solution.

You need to take your server .crt and .key and create a PKCS #12 Windows certificate format as follows:

openssl pkcs12 -export -out server.p12 -inkey server.key -in server.crt

Then add this certificate to your OpenVPN v3 Connect, the same way you add a VPN configuration.

After that, the VPN process comes through without problems.

In OpenVPN v2 it still works without the cert.
