I have created a new OpenVPN certificate with OTP.
With that being said, I have installed the OpenVPN certificate on my laptop and when prompted for the OpenVPN certificate, I then type it in; however, the OpenVPN connection window then states that a ‘push request’ has been sent over several lines. Please note that I expected the push request to bring up a window where I could type in the two-factor authentication generated from the mobile app but it unfortunately never pops up a window. Do you perhaps know what could be causing this?
Please note that I am using OpenVPN Community Edition 2.6.5 (Windows client) and unfortunately the following message still persists within the connection window: ‘Push Request (Status=1)’
The error is always the same, the server requests the OTP from the client, which does not send it. All the OpenVPN Connect clients have this problem with OpenVPN server from IPFire. I do not use Windows so I cannot test this myself, however several people have reported success using that client. Hopefully someone will reply to help you out.
Well noted and just for interest's sake - I made use of the Google Authenticator mobile application to add the OpenVPN OTP pin. Do you know what is most commonly used other than the mobile app I used?
Thank you for your response. Please note that the following lines: auth-user-pass, static-challenge “Enter your OTP” 0 enable the required token window to appear.
However, the following line: auth-user-pass eventually brings up a window where one needs to type in a username and password which is essentially not relevant to what we need and in past experiences, I used it for Google two-factor authentication. Is there perhaps another string of lines I could add to the config file to prevent the effect experienced?
But @thato, if it helps: I tested it with several clients, and the only Community client that works with OTP without problems is still version 2.5.7, released on 31 May 2022.
Try this version; it will work. But do not forget to write this one line under tls-client, like this:
tls-client
reneg-sec 36000
This is important so that you don’t get kicked out after an hour.
Thank you for your response. It is much appreciated as well as noted.
Please note that I will ensure to test OTP authentication whilst making use of the OpenVPN version mentioned below and advise accordingly on the outcome thereof.
Kind Regards
Thato Phatedi
Since Core Update 175, when openssl-3.x was installed in IPFire, that is only needed if you are still using old connections using legacy certificates. If it is a newly created connection/certificate then it will not need the legacy line.
If old connections with legacy certificates are restored from backup then the code in IPFire will automatically add the providers legacy default to the config file.
Adding the two following lines inside the *.ovpn solved my problem with Core Update 182 and the OpenVPN Community Client version 2.6.8. Before adding those two lines, no pop-up window was present to enter the OTP number for the 2FA authentication.