I just successfully “configured OpenVPN server to use TOTP in connection with username/password authentication …” following your instructions, packages and expanded shell script.
- I first got this how-to working: https://wiki.ipfire.org/configuration/services/openvpn/extensions/plugins/auth-pam .
- I downloaded and installed the packages from: https://people.ipfire.org/~ummeegge/google-authenticator-openvpn/
- I downloaded and ran the extended shell script and added users and then created the same users as road warriors in the IPFire OpenVPN web GUI.
- Advanced server setting enabled in IPFire OpenVPN GUI.
- The final step is not documented… I had to change a line in the customized /etc/pam.d/openvpn from
  auth requisite /usr/lib/security/pam_google_authenticator.so secret=/var/ipfire/ovpn/google-authenticator/${USER} user=gauth forward_pass debug
  to
  auth requisite /usr/lib/security/pam_google_authenticator.so secret=/var/ipfire/ovpn/accounting/google-authenticator/${USER} user=gauth forward_pass debug
Thank you.
FYI, using IPFire 2.25 x86_64 Core Update 153.
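
An added check, not part of the original post or of the IPFire packages: it reads the secret= template from a PAM file and reports whether a secret file exists for each user at the expanded path, which is the mismatch the post describes. The function names are hypothetical, the sample tree is constructed in a temporary directory, and user names are assumed to contain no `|` or `&`.

```shell
#!/bin/sh
# Added example: the sample files below are constructed, not taken from a real system.

# Print the secret= template from the first active pam_google_authenticator line.
gauth_secret_template() {
    grep -v '^[[:space:]]*#' "$1" | grep 'pam_google_authenticator\.so' | head -n 1 |
        sed -n 's/.*[[:space:]]secret=\([^[:space:]]*\).*/\1/p'
}

# check_gauth_secrets PAM_FILE USER...
# Expands ${USER} for each user and prints "ok|missing <user> <path>".
# Returns 1 if there is no secret= option or any secret file is missing.
check_gauth_secrets() {
    pam_file=$1; shift
    template=$(gauth_secret_template "$pam_file")
    [ -n "$template" ] || { echo "no secret= option in $pam_file" >&2; return 1; }
    rc=0
    for user in "$@"; do
        path=$(printf '%s\n' "$template" | sed 's|[$]{USER}|'"$user"'|g')
        if [ -f "$path" ]; then echo "ok $user $path"
        else echo "missing $user $path"; rc=1
        fi
    done
    return $rc
}

# Constructed layout mirroring the two paths in the post, rooted in a temp dir.
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/accounting/google-authenticator"
    : > "$root/accounting/google-authenticator/alice"
    for variant in old:google-authenticator new:accounting/google-authenticator; do
        printf 'auth requisite /usr/lib/security/pam_google_authenticator.so secret=%s/%s/${USER} user=gauth forward_pass\n' \
            "$root" "${variant#*:}" > "$root/pam-${variant%%:*}"
    done
    echo "$root"
}

sample=$(make_sample)
check_gauth_secrets "$sample/pam-old" alice || echo "old path: secret not found"
check_gauth_secrets "$sample/pam-new" alice && echo "new path: secret found"
rm -rf "$sample"
```

On a real system the call would be `check_gauth_secrets /etc/pam.d/openvpn <user>...`, run as a user that can read the secrets directory.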