OTP Authentication

Good day,

I have created a new OpenVPN certificate with OTP.

With that being said, I have installed the OpenVPN certificate on my laptop and when prompted for the OpenVPN certificate, I then type it in; however, the OpenVPN connection window then states that a ‘push request’ has been sent over several lines. Please note that I expected the push request to bring up a window where I could type in the two-factor authentication generated from the mobile app but it unfortunately never pops up a window. Do you perhaps know what could be causing this?

OTP works only in a Windows client, community edition.

Thanks for your response.

Please note that I am using OpenVPN Community Edition 2.6.5 (Windows client) and unfortunately the following message still persists within the connection window: ‘Push Request (Status=1)’

The error is always the same, the server requests the OTP from the client, which does not send it. All the OpenVPN Connect clients have this problem with OpenVPN server from IPFire. I do not use Windows so I cannot test this myself, however several people have reported success using that client. Hopefully someone will reply to help you out.

Well noted and just for interest's sake - I made use of the Google Authenticator mobile application to add the OpenVPN OTP pin. Do you know what is most commonly used other than the mobile app I used?

Add these lines to the OpenVPN config file (*.ovpn)

static-challenge "Enter your OTP" 0

And maybe this line for OpenSSL 1.1 support

providers legacy default

With the default config you are disconnected after 1h. To extend the time, add

reneg-sec 28800

Hi Sven,

Thank you for your response. Please note that the following lines: auth-user-pass, static-challenge "Enter your OTP" 0 enable the required token window to appear.

However, the following line: auth-user-pass eventually brings up a window where one needs to type in a username and password which is essentially not relevant to what we need and in past experiences, I used it for Google two-factor authentication. Is there perhaps another string of lines I could add to the config file to prevent the effect experienced?

Check if your config file includes these lines

auth-token-user USER
auth-token TOTP
auth-retry interact
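
For anyone checking their own client file against the directives named in this thread, here is an added example (not code from any poster or from IPFire) that reports which of them a .ovpn file contains and flags typographic quotes, which a forum or word processor can substitute for plain ones. The sample config, hostname and function name are constructed for illustration; "missing" only means the directive is absent, not that it is required.

```python
import shlex

# Directives the posters in this thread name for the OTP prompt.
THREAD_DIRECTIVES = ("auth-user-pass", "static-challenge", "auth-token-user",
                     "auth-token", "auth-retry")
TYPOGRAPHIC_QUOTES = "\u201c\u201d\u2018\u2019"  # curly quotes from copy/paste

def check_ovpn(text):
    """Report thread directives found/absent in a client config, plus syntax problems."""
    found, problems, inline_end = {}, [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if inline_end:                       # inside an inline <ca>...</ca> style block
            if line == inline_end:
                inline_end = None
            continue
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("<") and line.endswith(">"):
            inline_end = "</" + line[1:]
            continue
        if any(q in line for q in TYPOGRAPHIC_QUOTES):
            problems.append(f'line {lineno}: typographic quotes, use plain " instead')
            continue
        try:
            name, *args = shlex.split(line)
        except ValueError as exc:            # e.g. an unbalanced quote
            problems.append(f"line {lineno}: {exc}")
            continue
        if name in THREAD_DIRECTIVES:
            found[name] = args
        if name == "static-challenge" and (len(args) < 2 or args[1] not in ("0", "1")):
            problems.append(f'line {lineno}: expected: static-challenge "text" 0|1')
    missing = [d for d in THREAD_DIRECTIVES if d not in found]
    return {"found": found, "missing": missing, "problems": problems}

# Constructed sample config (hostname and certificate body are placeholders).
SAMPLE = """\
remote vpn.example.org 1194
auth-user-pass
static-challenge \u201cEnter your OTP\u201d 0
auth-retry interact
<ca>
(certificate data omitted)
</ca>
"""

if __name__ == "__main__":
    print(check_ovpn(SAMPLE))
```
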

Hi Sven,

Thank you for your response.

Yes. Kindly note that the OpenVPN certificate already had those line items.