Hi,Adolf - I knew about that and included in the include.user file all the folders I thought were necessary. I tested restoring a backup on a lab machine and Google-authenticator 2FA OpenVPN appeared to work. Now, looking more closely at the lab machine, I see where 2FA OpenVPN is actually not working following the backup restore. However, it is also not erroring, so I can still establish an OpenVPN connection. Any number entered as a TOTP token in the login window works on the lab machine (including no number at all). That’s how I ended up in this fix!
Hi John,
Sorry, I misunderstood.
You didn’t misunderstand; I didn’t provide all the info initially. We have to avoid TL/DR. Thanks for responding. You don’t happen to have the pam_google_authenticator.so file you can send me, do you?
No, I am afraid I don’t. I haven’t used 2FA with IPFire.
Hello All,
I am trying to install google authenticator, but I am hitting 404 error while attempt to download google-auth-openvpn-1.09-1.ipfire & libqrencode-4.1.1-1.ipfire. Here are the links:
https://people.ipfire.org/~ummeegge/two_factor_auth/google-authenticator-openvpn/google-auth-openvpn-1.09-1.ipfire
https://people.ipfire.org/~ummeegge/two_factor_auth/google-authenticator-openvpn/libqrencode-4.1.1-1.ipfire
Appreciate if you could send me the files or provide the new link to me. Thank you so much
Thanks Eric. FYI, I located the file named pam_google_authenticator.so on another ipfire device I had deployed with google authenticator. I copied it to the “broken” device and that fixed the problem.
I will try these links on a lab machine and report back next week.
John
Eric - Works like a charm. Thanks, again. - John
Hello thank for the guide. I added those line to OVPN server.conf file, but i cannot find any server.user.conf and client.user.conf file to modify. May you indicate me how to do that. thanks.
Hi all,
please think about if you use ‘reneg-sec 0’ you kick out the DHE (Ephemeral) functions so the PFS is lost.
Best,
Erik