AUTH_METHOD=rancherlocal when Rancher uses Github auth

[emcniece]

I'm trying to set up the rancherlocal auth method. Setup works as expected and when trying to connect the VPN client prompts for a username and password (also expected).

The problem is that I can't seem to auth successfully against Rancher's API. My Rancher environment is using Github auth and restricting access to a single organization - so to access Rancher you have to "log in" with your Github account. It seems like the VPN may not be able to forward auth requests through Rancher to Github.

Has anyone successfully configured an OpenVPN server to auth against Rancher with Github auth enabled?

[dwene]

I'm in the same boat with you, seems you cant make this work when rancher auth is configured with github. And sadly Rancher wont allow you to change auth mechanisms once you've set them up.

[emcniece]

Haven't found a solution thus far. Thanks for piping up!

[tvollstaedt]

This propably won't help you, but I can confirm that Rancher auth works with Azure AD backend authentification configured.

[janajri]

@emcniece did you every find a solution to this issue?

[emcniece]

Negative @janajri

[bjerkins]

haven't tested it yet but perhaps you could generate Account API Key (API > Keys > Add Account API Key) and use the generated Access Key (Username) and Secret Key (Password) for the VPN prompt ?

[laukaichung]

@bjerkins
I've tried your suggestion. I've tried local auth instead of Github auth, but the access and secret key credentials do not work with openvpn.

Here are the environments:

    environment:
      AUTH_METHOD: rancherlocal
      AUTH_RANCHERLOCAL_URL: http://rancher-ip:8080/v1/token
      CERT_CITY: Birmingham
      CERT_COUNTRY: US
      CERT_EMAIL: some@gmail.com
      CERT_ORG: ACME
      CERT_OU: IT
      CERT_PROVINCE: AL
      OPENVPN_EXTRACONF: ''
      REMOTE_IP: hostip
      REMOTE_PORT: '1194'
      VPNPOOL_CIDR: '16'
      VPNPOOL_NETWORK: 10.43.0.0