OpenVPN: New policy certificate-otp for RW #6112
Comments
Create a new policy certificate-otp NethServer/dev#6112
New policy certificate-otp for R2W NethServer/dev#6112
New R2W policy certificate-otp NethServer/dev#6112
Cockpit: display otp checkbox for VPN R2W NethServer/dev#6112
Create the openvpn-certificate-otp folder NethServer/dev#6112
QA We have created a new policy " You have to take care that you have no warnings in logs
The
With another GH6111 we force to verify that the user A cannot use the certificate of user B, so in the configuration of your client, take care to set the good login, relevant to the CN of the certificate.
The principle is: when you connect to the VPN, the server asks for a password, and you need to fill in the OTP you can read on the smartphone. For fun you can have it on the terminal of your remote server by ssh:
Auth-no cache directive for client NethServer/dev#6112
Postponed to NS 7.8 to minimize regressions: VPNs are one of the most-used features during the COVID-19 emergency. Of course, this feature can be manually installed also in NS 7.7
Everything verified using a Fedora and a CentOS 7 as a client. I'd like some more tests from a Windows machine.
Verified also with Windows. Before release, please prepare the doc.
Most of the time the password is written on a note close to the screen or the keyboard; this is a bug we could fix with a new policy for OpenVPN
these three factors are needed to authenticate a system-user.
Proposed solution
We will reuse pam-oath, the solution we used with cockpit and ssh
Alternative solutions
Google Authenticator could be fun also; we could have 4 factors (login+password+otp+certificate)
See also
https://community.nethserver.org/t/2fa-with-openvpn/15036
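The checks this policy combines (the login must equal the CN of the presented certificate, and the password field must carry a valid time-based OTP) can be sketched as follows. This is an added example, not code from NethServer or pam-oath; the function names, the `secrets` mapping, the one-step drift window and the replay set are assumptions made for illustration.

```python
# Added illustration; not NethServer or pam-oath code. All names are hypothetical.
import hashlib
import hmac
import struct
import time

STEP = 30  # seconds per TOTP time step (RFC 6238 default)

# Constructed sample data: the RFC 6238 test secret, assigned to a made-up login.
SAMPLE_SECRETS = {"alice": b"12345678901234567890"}

def totp(secret: bytes, at: float, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `at`."""
    counter = struct.pack(">Q", int(at) // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def authorize(cert_cn, username, otp, secrets, now=None, window=1, used=None):
    """Return (ok, reason) for one connection attempt.

    cert_cn  -- CN taken from the already-verified client certificate
    username -- login typed by the client
    otp      -- value typed in the password prompt
    used     -- set of (login, step) pairs already accepted, to refuse replays
    """
    now = time.time() if now is None else now
    used = set() if used is None else used
    # User A must not be able to log in with the certificate of user B.
    if username != cert_cn:
        return False, "cn-mismatch"
    secret = secrets.get(username)
    if secret is None:
        return False, "no-otp-secret"
    # Tolerate a small clock drift between the phone and the server.
    for drift in range(-window, window + 1):
        t = now + drift * STEP
        if t < 0:
            continue
        if hmac.compare_digest(totp(secret, t).encode(), otp.encode()):
            key = (username, int(t) // STEP)
            if key in used:
                return False, "otp-replayed"
            used.add(key)
            return True, "ok"
    return False, "bad-otp"
```
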