1
16.1 Legacy Series / [SOLVED] Setting up RoadWarrior OpenVPN
« on: June 11, 2016, 01:40:40 am »
I'm using OPNsense 6.1.16-amd64, and following the instructions at https://docs.opnsense.org/manual/how-tos/sslvpn_client.html . I am trying to set up 2FA.
(Aside: there's some material missing in Step 0: Preparation in the section entitled "Create a Certificate" where it says "Fill in the form with (leave the rest default):". Here it needs to mention that the certificate to be created is a Server certificate called "SSLVPN Server Certificate" (for example, to match the text later).)
My problem comes in Step 1: Add SSL server. When you click the orange box saying "+ Add Server", the form doesn't include a field to select the Backend Authenticator. This means that when you click "Save", you get an error message at the top of the form pointing out that you must select a Backend Authentication method, but you can't.
If you use the Wizard to add a server (which took me a bit of working out - it's not so obvious that you can click on the magic wand) then at least you can add a server, because the first step is to set up a new Authentication Backend of one of three types (but none of them are OTP unfortunately).
Is there a workaround for this?
(Aside: there's some material missing in Step 0: Preparation in the section entitled "Create a Certificate" where it says "Fill in the form with (leave the rest default):". Here it needs to mention that the certificate to be created is a Server certificate called "SSLVPN Server Certificate" (for example, to match the text later).)
My problem comes in Step 1: Add SSL server. When you click the orange box saying "+ Add Server", the form doesn't include a field to select the Backend Authenticator. This means that when you click "Save", you get an error message at the top of the form pointing out that you must select a Backend Authentication method, but you can't.
If you use the Wizard to add a server (which took me a bit of working out - it's not so obvious that you can click on the magic wand) then at least you can add a server, because the first step is to set up a new Authentication Backend of one of three types (but none of them are OTP unfortunately).
Is there a workaround for this?