Openvpnas dual factor authentication

00_ren · 4. Juni 2015

Openmediavault Version - 1.19
Kernel - 3.2.0-4-amd64
Access Server Version 2.0.12

Hey guys,

I recently installed the OPENVPNAS server plugin and it worked flawlessly; that's until i enabled Google Authenticator Support. The system generated the QR Code for me to scan (it also generated the code for me to type into google auth app) however, the google auth codes generated failed to authenticate with the server.

So google auth support seems to be broken in the openvpnas plugin as it continually rejects the google auth code as being invalid.

ryecoaaron · 4. Juni 2015

The plugin is not the problem. All the plugin basically does is enable/disable it and give you an iframe to access the openvpnas web interface. All settings are only modified by openvpnas itself. It may not work in the iframe but any change should work when opened in a separate window/tab.

tekkb · 4. Juni 2015

It worked for me 1st try....

00_ren · 4. Juni 2015

Ok i found the issue and i feel kinda stupid. The time was off by two minutes on my cell phone. So my server time was 9:00PM and my cell was 8:58PM

tekkb · 4. Juni 2015

Code

# cd /usr/local/openvpn_as/scripts
# ./confdba -us -p <username> # Retrive current user properties
# ./sacli --user <username> UserPropDelAll  # Deletes user from OpenVPN database

2nd command gives you Google Authenticator info. for given user. Useful if you need to setup account again with the android app. If shows the key.
3rd command deletes user from OpenVPN AS so you can start over if problems with Google Auth.

When you setup an account in the android app for Google Authenticator your username@wanip, or user@ddnsaddress, whichever you used with your OpenVPN setup, is your account name. This is you use the "Enter the provided key" method. With the QR you may not have to do anything.

If you want to use the QR code method you should install a QR scanner app first.

PS- Wtih changes to the OpenVPN AS server you will usually have to uninstall and resintall the client app (OpenVPN Connect) on the clients.

00_ren · 5. Juni 2015

Zitat von tekkb
Code
# cd /usr/local/openvpn_as/scripts
# ./confdba -us -p <username> # Retrive current user properties
# ./sacli --user <username> UserPropDelAll  # Deletes user from OpenVPN database
2nd command gives you Google Authenticator info. for given user. Useful if you need to setup account again with the android app. If shows the key.
3rd command deletes user from OpenVPN AS so you can start over if problems with Google Auth.

When you setup an account in the android app for Google Authenticator your username@wanip, or user@ddnsaddress, whichever you used with your OpenVPN setup, is your account name. This is you use the "Enter the provided key" method. With the QR you may not have to do anything.

If you want to use the QR code method you should install a QR scanner app first.

PS- Wtih changes to the OpenVPN AS server you will usually have to uninstall and resintall the client app (OpenVPN Connect) on the clients.
Alles anzeigen

Thank you

tekkb · 5. Juni 2015

I thought those might be helpful. I will probably make a Guide here and link it to the Guides Index.

abpostelnicu · 7. April 2016

It seems that i encouter a strange behavior, i've configured to use google authenticator, i've scanned the code for admin user - openvpn but for each connection it doesn't trigger the box to enter the code generated by the app, instead it just connects me, i would highly like to avoid this. In contrast doing this with a regular user each time it brings me to the google authentication process.

Any ideas?

LE: for the moment i've set a real huge and complicated password(random mainly) but i don't think that this is the way to go

Jetzt mitmachen!