Openvpn with 2FA extra challenge in Client

[yohighnest]

Hi,

anybody knows howto get the extra challenge working in the OpenVPN Client? I tried with Openvpn Connect V3 and Securepoint 2.0.38. As far is i know both Clients should be capable of asking for the otp token in a extra field.

I added:

static-challenge "TOTP Token" 1

in the server but this wasnt working. Any ideas?

[franco]

At this point I think this looks like trolling more than anything.


Cheers,
Franco

[yohighnest]

lol franco i think we are becoming friends. please checkout

https://openvpn.net/cloud-docs/two-factor-authentication-on-profile-download-2/

in the openvpn cloud this is already working. securepoint utm and the client seem to be capable of it.

if a ui designer is seeing the solution of prefixing the totp token to the password, he probably wants to die.

so this is no trolling but a valid question.

[franco]

Perhaps See https://github.com/opnsense/core/issues/3290#issuecomment-470026999 from 2019.


Cheers,
Franco

[mimugmail]

This has to be done at the client, Tunnelblick for Mac already has a separate OTP field putting the OTP behind the password

[yohighnest]

thx this was helpfull.

the ui designer asks me why this is not setting in the config export?

[franco]

It hasn't been explicitly requested and it could break your authentication so it was left as an advanced field option.


Cheers,
Franco

[mimugmail]

thx this was helpfull.

the ui designer asks me why this is not setting in the config export?

TBH I wasn't aware of the config setting, maybe there could be room for another checkbox to add during config export, but as franco said, custom options is your friend and export options get stored in config

Welcome to open source