The session seems to hang up on
‘PUSH_REQUEST’
I’m not sure what that means or where it’s getting stuck but I can see the traffic in tcpdump hitting my red interface, however there are no OpenVPN logs via the IPFire GUI. I only see these messages from my command: tail -f /var/log/messages | grep openvpn
Not sure what more information I can give to be helpful, and everyone else’ post seems to get past this point in the session.
Thank you for any help!
PUSH_REQUEST means that the server is waiting for the second factor authentication from the client. You can have that only on the windows platforms using the community edition of OpenVPN Connect.
In any other circumstance, if you want to use OpenVPN with IPFire, you have to uncheck the specific activation box of OTP when you create the configuration files for a new user, as the standard OpenVPN connect does not support it. I am not sure about MacOS clients like viscosity (they might work as well).
To disable OTP you can edit as well the configuration file, commenting out the option before importing the .ovpn and all certificates.
@cfusco Hi,
I would prefer to keep the MFA. The client I’m using on Linux is OpenVPN 2.5.9, which has the --auth-token parameter. It seems from reading the OpenVPN 2.5.9 manual, this parameter can be used to enter the token, but maybe I’m misunderstanding how they are expecting it to be used. If OpenVPN 2.5.9 doesn’t allow the possibility of using OTP, then is there a Linux VPN client you can recommend that will allow the use of OTP and *.ovpn config ?
Thank you for your quick response and taking the time to answer my question.
Cheers!
I only know that Windows community edition works. I am not aware of any other OpenVPN connect open source client that has implemented MFA. In MacOS, the commercial solution Viscosity can do MFA. That’s the extent of my knowledge.
OpenVPN is a business that has an open source development model. They make available the server code, their libraries, tools etc. but they also have proprietary code. If you buy their products, you have MFA. OpenVPN connect in windows has a community edition that has implemented whatever in the code was missing for MFA. My guess is that no one has ported that code to other “community editions”. I do not even think there are other community editions, besides the Android alternative client which has only one developer, as far as I know.