Here’s what I learned when I migrated my company’s Road Warriors using OpenVPN on IPFire CU168 to OpenVPN with TOTP on CU171.
- If users were running an OpenVPN client version earlier than Community 2.5.7, released May 31, 2022, they received the error message, “Connecting to management interface failed…”
- If users were running the latest OpenVPN client version, Community 2.5.8, released November 2, 2022, the log shows, “Sending PUSH_REQUEST to server…” and there is no handshake/connection completed.
- Users running OpenVPN client version Community 2.5.7, released May 31, 2022, are able to connect using their TOTP code.
FYI, here’s a sanitized version of the OpenVPN client conf. file we are using. The server conf. file is the IPFire default.
#OpenVPN Client conf
tls-client
client
nobind
dev tun
proto udp
remote 555.555.5.111 1194
pkcs12 jqpublic.p12
cipher AES-256-CBC
auth SHA256
tls-auth ta.key
verb 3
remote-cert-tls server
verify-x509-name XYZ.com name
auth-nocache
auth-token-user USER
auth-token TOTP
auth-retry interact
#---------------------------
# Start of custom directives
# from client.conf.local
#---------------------------
sndbuf 0
rcvbuf 0
reneg-sec 0
#---------------------------
# End of custom directives
#---------------------------