openvpn with otp set but not being required to authenticate
Topic: openvpn with otp set but not being required to authenticate (Read 511 times)
jmcgon
on: September 18, 2024, 06:23:50 am
OPNsense 23.1.11
I have OpenVPN set up with server mode set to Remote Access (SSL/TLS + User Auth). According to the instructions I have, this should require users accessing via VPN to enter their user name and then their local password + OTP. When a person provides these credentials it does work. However, a person can also access via VPN by just providing user name and password. OTP is not required, but it is accepted.
In the log files I see the following errors, repeatedly.
2024-09-18T03:56:30 Error openvpn_server1 ipaddress:59919 TLS Error: TLS handshake failed
2024-09-18T03:56:30 Error openvpn_server1 ipaddress:59919 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
When I search for the above error I see references to firewalls blocking the establishment of communication but in my case this error doesn't seem to apply since the vpn connection is made and functions. So, the TLS handshake error doesn't seem to lend evidence on why the OTP is accepted but not required.
I'm confused...
All suggestions and help appreciated.
itandautomation
Reply #1 on: September 18, 2024, 09:57:40 am
In the VPN Settings at Authentication, you have to change from Local database to Local Database with OTP to make use of the second factor.
jmcgon
Reply #2 on: September 18, 2024, 03:13:28 pm
This is the only place I can find to set to local database + OTP, and it is set. Unless I am missing something else.
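One way to check the setting named in Reply #1 offline, against a configuration backup. This is an added example, not code from the thread or from the OPNsense project: the element names (`system/authserver`, `openvpn/openvpn-server`, `authmode`, `mode`) and the `totp` type value are assumptions about the config.xml layout, and the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not taken from the thread. Element names and values
# are assumptions about how a config.xml backup stores these settings.
SAMPLE_CONFIG = """<opnsense>
  <system>
    <authserver><type>totp</type><name>Local Database with OTP</name></authserver>
  </system>
  <openvpn>
    <openvpn-server>
      <description>server1</description>
      <mode>server_tls_user</mode>
      <authmode>Local Database,Local Database with OTP</authmode>
    </openvpn-server>
    <openvpn-server>
      <description>server2</description>
      <mode>server_tls_user</mode>
      <authmode>Local Database with OTP</authmode>
    </openvpn-server>
  </openvpn>
</opnsense>"""

OTP_TYPES = {"totp"}  # assumed <type> value of an OTP-enforcing backend


def audit_openvpn_otp(config_xml):
    """Return {server description: [selected backends that are not OTP-type]}."""
    root = ET.fromstring(config_xml)
    otp_backends = {
        (srv.findtext("name") or "").strip()
        for srv in root.findall("./system/authserver")
        if (srv.findtext("type") or "").strip() in OTP_TYPES
    }
    findings = {}
    for server in root.findall("./openvpn/openvpn-server"):
        if "user" not in (server.findtext("mode") or ""):
            continue  # assumed: modes without "user" do no user authentication
        raw = server.findtext("authmode") or ""
        selected = [b.strip() for b in raw.split(",") if b.strip()]
        weak = [b for b in selected if b not in otp_backends]
        if not selected:
            weak = ["(no backend listed)"]
        if weak:
            findings[server.findtext("description") or "(unnamed)"] = weak
    return findings


if __name__ == "__main__":
    for name, weak in audit_openvpn_otp(SAMPLE_CONFIG).items():
        print(f"{name}: non-OTP backend selected: {', '.join(weak)}")
```

A server that appears in the result has at least one selected backend that is not an OTP type, which is the condition to compare against the behaviour described in the first post.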