OpenVPN Support Forum

Community Support Forum
https://forums.openvpn.net/

google authenticator with OpenVPN Access Server - Amazon AWS

https://forums.openvpn.net/viewtopic.php?t=11522

Page 1 of 1

google authenticator with OpenVPN Access Server - Amazon AWS

Posted: Wed Oct 17, 2012 3:17 pm
by treddy
Hi Guys,

I've installed OpenVPN Access Server AMI in Amazon Cloud ( as per instructions http://openvpn.net/index.php/access-ser ... r-ami.html) and have successfully established a tunnel to my AWS account using OpenVPN Client.

so far so good.

What I wish to do now is used google authenticator with the OpenVPN Client when logging in.

I've update /etc/pam.d/openvpnas with the following:

Code: Select all

auth    required                        pam_google_authenticator.so
I have also logged on to my OpenVPN Access Server and enabled PAM under the Authentication section.

When I attempt to re-login to OpenVPN Access Server using username / password+google OTP I get an "Incorrect login" message.

The following message is being logged in /etc/log/openvpnas.log

Oct 17 14:40:58 ip-10-78-0-247 openvpnas(pam_google_authenticator)[776]: Invalid verification code
Oct 17 14:40:58 ip-10-78-0-247 python[776]: pam_unix(openvpnas:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=USER1


Just wondering, am I using the correct format for logging in (i.e. username / password+google OTP )
Also, could anyone suggest some documentation / tutorials on using OpenVPN Access Server + google authenticator?
any help with solving this issue would be greatly appreciated,
Thanks - Tom

Re: google authenticator with OpenVPN Access Server - Amazon

Posted: Tue Oct 30, 2012 10:51 pm
by macropin
I'm bumping this in the hope that someone here can respond to the OP's request and document what they've done to set this up successfully on any distro. Inc OpenVPN config (plugin line), Pam config, and the version of Google Authenticator used.

It seems this is not officially documented anywhere, and the information available online is incomplete.

I've been trying to set this up on CentOS 6, but have not had much success either.

Re: google authenticator with OpenVPN Access Server - Amazon

Posted: Wed Oct 31, 2012 12:15 am
by macropin
Bumping.

I'm having the same issue here. Can someone please post working configs. It seems documentation online is lacking.

Re: google authenticator with OpenVPN Access Server - Amazon

Posted: Wed Oct 31, 2012 3:29 am
by macropin
Success. I have this working for CentOS 6, which should be very similar to Amazon AWS. But until my account is unmoderated I'm not going to post anymore here.

(I previously wrote a nice long post, explaining how I did this but due to the session timing out my post was lost.)

Re: google authenticator with OpenVPN Access Server - Amazon

Posted: Mon Jan 07, 2013 9:54 pm
by odoisneau
If anyone has any input on the answer to this posting, I would really appreciate it.

Thanks,

Re: google authenticator with OpenVPN Access Server - Amazon

Posted: Fri Jan 11, 2013 3:52 pm
by odoisneau
so if anyone has the same issue with this, I found the solution is to comment out all the entries in the /etc/pam.d/openvpnas entries that start with @. The rest is following the documentation but I hope that helps someone.
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/