Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
OpenVPN with OTP and static-challenge
« previous
next »
Print
Pages: [
1
]
Author
Topic: OpenVPN with OTP and static-challenge (Read 6726 times)
olivierfaber
Newbie
Posts: 1
Karma: 0
OpenVPN with OTP and static-challenge
«
on:
October 29, 2018, 10:01:53 am »
The OpenVPN client has a nice option to add a challenge/response input box to enter a OTP, however I can't figure out how this should work in OPNsense.
I configured OpenVPN with google authenticator (which works), but it requires my colleagues to enter the number in front of the password. I feel it would be much more user friendly if we could use the "static-challenge" option in the client (screenshot attached).
Just setting the static-challenge option in the client gives a "SIGUSR1[soft,auth-failure] received, process restarting".
Has anyone tried to configure it like this? Is it even possible?
Logged
guywyers
Newbie
Posts: 13
Karma: 3
Re: OpenVPN with OTP and static-challenge
«
Reply #1 on:
March 03, 2019, 12:49:13 pm »
I had this working too in a config with openvpn on a standalone linux box.
I even patched two openvpn plugins (
https://github.com/threerings/openvpn-auth-ldap
and
https://github.com/evgeny-gridasov/openvpn-otp
) to get it to work.
Although I'm a huge fan of OpnSense, I never succeeded in getting this to work and would love to see it on the feature list.
For it to work, the password that is returned from the client needs to be processed in a specific way. This in turn requires the authentication module (whatever that is) to 1/ be
aware
that it is not the usual password it is receiving and 2/ to do the
specific processing
to split up the normal password and the otp reply.
Logged
tbandixen
Newbie
Posts: 18
Karma: 2
Re: OpenVPN with OTP and static-challenge
«
Reply #2 on:
March 05, 2019, 02:08:10 pm »
I would realy love to see this feature on the roadmap!
(Viscosity has this feature too.)
«
Last Edit: March 05, 2019, 02:12:03 pm by tbandixen
»
Logged
APU1D4 (PC Engines) with OPNsense 19.1.2
Wingo FTTH 1 Gbit/s
franco
Administrator
Hero Member
Posts: 17665
Karma: 1611
Re: OpenVPN with OTP and static-challenge
«
Reply #3 on:
March 05, 2019, 07:34:05 pm »
Tickets please, you guys and gals know the drill...
Logged
tbandixen
Newbie
Posts: 18
Karma: 2
Re: OpenVPN with OTP and static-challenge
«
Reply #4 on:
March 06, 2019, 08:09:20 am »
Feature request opened.
To keep things together here is the issue
https://github.com/opnsense/core/issues/3290
.
«
Last Edit: March 06, 2019, 08:35:11 am by tbandixen
»
Logged
APU1D4 (PC Engines) with OPNsense 19.1.2
Wingo FTTH 1 Gbit/s
tbandixen
Newbie
Posts: 18
Karma: 2
Re: OpenVPN with OTP and static-challenge
«
Reply #5 on:
March 06, 2019, 10:53:53 am »
As AdSchellevis mentioned:
Code:
[Select]
opnsense-patch 2c2eca7
will do the trick
Logged
APU1D4 (PC Engines) with OPNsense 19.1.2
Wingo FTTH 1 Gbit/s
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
OpenVPN with OTP and static-challenge