OpenVPN auth integration with Gate

[stoiev]

Hi!

I've setup a Gate box successfully and got an OpenVPN profile download page, as an admin (first user).
Nonetheless, I could not see a link between OpenVPN user authentication and the generated Gate user.

How does OpenVPN validates credentials and its OTP's in order to authenticate a Gate account? Should I configure a plugin on OpenVPN to call Gate or even Google Authenticator backend?

[misschak]

+1
It seems like after importing the user's profile to my openvpn client, it doesn't matter what username/password i put, openvpn does not seem to authenticate against google authenticator's pin. Is this the expected behaviour?

[ajeygore]

Hello Sorry to miss this out, are you guys still facing this problem, there are scripts under scripts directory which can help you with this.

[stoiev]

I think that's not a problem, but a misuse.

Script directory file's just prepare client .ovpn file and keys, and set auth-user-pass that force final user to fill openvpn credentials.

The issue is that I do not figured out which credential (user/password) is needed by the user, since there is no explicit integration between openvpn server and any auth backend. Does that integration must be manually configured (in PAM, with a gate plugin, or something like it)?

[ajeygore]

I will get back to you with all the steps, give me few days, I think there is a need of auto setup for that.

[krishnaastica]

@ajeygore Do we have an update on this? I too failed the setup exactly on this point.
I can up the Gate-SSO, using a valid user able to get the GoogleAuth and Also able to download the file. But how OpenVPN is going to know about these certificates and credentials??? Please help

[sassyn]

I think that's not a problem, but a misuse.

Script directory file's just prepare client .ovpn file and keys, and set auth-user-pass that force final user to fill openvpn credentials.

The issue is that I do not figured out which credential (user/password) is needed by the user, since there is no explicit integration between openvpn server and any auth backend. Does that integration must be manually configured (in PAM, with a gate plugin, or something like it)?

I will get back to you with all the steps, give me few days, I think there is a need of auto setup for that.

Can you please provide the info regard this?

I also missing how the VPNServer is doing the SAML auth...

Is the auth-user-pass is only used for the OTP? or also for the SAML?
I understand that the first login, in order to download the VPN Client profile you have to do a authentication via the the g-suite account, but does it also in the OpenVPN server?

Thank You

[sassyn]

Hi!

I've setup a Gate box successfully and got an OpenVPN profile download page, as an admin (first user).
Nonetheless, I could not see a link between OpenVPN user authentication and the generated Gate user.

How does OpenVPN validates credentials and its OTP's in order to authenticate a Gate account? Should I configure a plugin on OpenVPN to call Gate or even Google Authenticator backend?

Did u ever manage to figure this out?

[sassyn]

Hello Sorry to miss this out, are you guys still facing this problem, there are scripts under scripts directory which can help you with this.

Hi,

Did you have an answer for this?
Thank You