[feature request] OpenVPN with OTP and Challenge/Response #3290
Comments
tbandixen
changed the title
|
The Viscosity Client has this nice feature too. I dont know yet, what needs to be changed server side. I'm totaly new in the OpenVPN topic. |
tbandixen
changed the title
|
looks doable, it seems to encode the password differently when set: is the equivalent for password |
|
Is this related to this docu? |
|
yes, it seems so, specifically this: |
|
With this request, I hope that I can save my credentials in the vpn client and only have to enter the OTP... |
|
There will be one limitation, it won't support "reverse token order" Eventually this plugin should be detached from the configuration, so I don't want to add extra knobs and switches in now. |
|
I think there would be one extra knob, "Use seperate OTP window" (then the reverse token order should be disabled). |
|
it's a client setting only |
|
Really? Oh ok. But does the current auth code works? How can I test this? |
|
patience.... |
|
Sorry 😄 |
will do the trick |
|
It does the trick, but as you said, the limitation is that "Reverse token order" isn't selected. |
|
we might lift that limitation when working on #3266 |
|
@tbandixen It might be good to review and update our docs (https://github.com/opnsense/docs), if you would like to contribute on it that would be highly appreciated. |
|
Thank you for your quick interaction. I will definately have a look. Do you have a recommended hard-/software setup to test and maybe develop on the opnsense/core repo? I have a spare notebook... |
I think https://github.com/opnsense/tools would be it, right? |
|
you should be able to compile the docs with the steps described here https://github.com/opnsense/docs Thanks in advance! |
|
For core work set up a VM with OPNsense 19.1, change to development mode and update, then log into the console: |
|
Thank you, I will try both. |
|
When will the patch be included in the releases? 19.1.3 und 19.1.4 didn't include the patch. It would be nice if the "Custom config" would be persisted, but there is another request open (I think?) |
|
@tbandixen probably next version, I'll take a look at the custom config, kind of missed that one |
|
@tbandixen 24c5c67 is the custom config issue, it was saved, just not loaded properly |
|
Thank you, thats it 👍 |
I have read the contributing guide lines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md
I have searched the existing issues and I'm convinced that mine is new.
Is your feature request related to a problem? Please describe.
The OpenVPN client has a nice option to add a challenge/response input box to enter a OTP, however I can't figure out how this should work in OPNsense.
I configured OpenVPN with google authenticator (which works great), but it requires to enter the number in combination with the password.
Describe the solution you'd like
I feel it would be much more user friendly if we could use the "static-challenge" option in the client.
Additional context
Just setting the static-challenge option in the client gives a "SIGUSR1[soft,auth-failure] received, process restarting".
The thread was opened by olivierfaber in the forum.
I just ported it to github, that we can discuss thing a bit nearer to the code 😄
The text was updated successfully, but these errors were encountered: