0

I am trying to get openvpn client to work with google-authenticator and two-factor-authentication. I cannot alter the server in any way (i.e. I cannot do password/token concactenation via pam mods, etc).

I assume this would require recompiling the source code to include two-factor-authentication functionality from google code, so as to get prompted for two-factor-authentication code, after entering password.

Has anyone done this, or have any tips on doing this?

This is similar to the Viscosity software for osx/windoze, which uses the openvpn source code and adds the google-authenticator two-factor-authentication functionality. Unfortunately Viscosity, although based on openvpn, is closed source.

masegaloeh
  • 17,978
  • 9
  • 56
  • 104
nandoP
  • 2,001
  • 14
  • 15
  • 1
    I am really confused how you expect to do anything if you can't change the server? What exactly do you mean by "can't change the server". – Zoredache May 13 '15 at 03:13
  • What does tag [2fa] and [mfa] stand for? Two/Multi factor authentication or other meaning like company 2fa . com/? – masegaloeh May 13 '15 at 09:29
  • @masegaloeh 2-factor authentication (multi-factor authentication)..... feel free to read up on google authenticator – nandoP May 13 '15 at 13:19
  • @zoredache the server configuration is not able to be seen/changed,..... the openvpn *client* needs to support 2fa in order to connect to blackboxed openvpn server... the functionality i am looking for is the same as the closed source Viscosity openvpn-based client software... you dont need to touch the server to use Viscosity with 2fa/mfa – nandoP May 13 '15 at 13:22

1 Answers1

0

OK, I figured this out. openvpn 2.3.6 supports this by default (no need to recompile, plugins, etc).

So I need to add to ovpn conf file:

static-challenge "Enter Google Authenticator Code" 1
masegaloeh
  • 17,978
  • 9
  • 56
  • 104
nandoP
  • 2,001
  • 14
  • 15