Steven Haigh
2017-06-12 15:35:02 UTC
Hi all,

I have attached this script for comment to be considered for inclusion in the
contrib section of openvpn to use the Yubico Yubicloud authentication for the
Yubikey OTP.

Place the script in /etc/openvpn and configure as follows:

    script-security 2
    client-connect /etc/openvpn/yubikey-auth-tokens
    auth-user-pass-verify /etc/openvpn/yubikey-auth-tokens via-file
    client-cert-not-required
    username-as-common-name

Right now, this requires 'reneg-sec 0' be set in the openvpn server config
file due to some issues in handling auth tokens in various configurations -
however hopefully when this gets fixed, it will keep the connection running
with an auth-token after the initial authentication by OTP.

Edit the yubikey-auth-tokens script and edit the %yubikeys hash with your list
of usernames and associated yubikey IDs.

Happy to receive feedback on the script, its operation, or implementation.

--
Steven Haigh
📧 ***@crc.id.au 💻 http://www.crc.id.au
📞 +61 (3) 9001 6090 📱 0412 935 897
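
Added example, not part of the original post and not the attached script: a sketch of the username-to-Yubikey binding check that an auth-user-pass-verify via-file hook needs before it trusts an OTP, so that a valid OTP from one key cannot log in as another user. The usernames, key IDs and function names are constructed for illustration; the remote validation step is injected as a callable and denies by default.

```python
import re
import sys

# Constructed username -> Yubikey public ID map, playing the role of the
# %yubikeys hash mentioned in the post (values are made up).
YUBIKEYS = {"alice": "cccccckdvvul", "bob": "ccccccbchvth"}

# A Yubico OTP is 44 modhex characters: 12-char public ID + 32-char token.
MODHEX_OTP = re.compile(r"[cbdefghijklnrtuv]{44}")


def read_credentials(path):
    """Parse the file OpenVPN writes for via-file: username, then password."""
    with open(path, encoding="utf-8") as fh:
        lines = fh.read().splitlines()
    if len(lines) < 2:
        raise ValueError("expected a username line and a password line")
    return lines[0], lines[1].strip()


def otp_matches_user(username, otp, yubikeys=YUBIKEYS):
    """True only if the OTP is well formed and its public ID belongs to username."""
    if not MODHEX_OTP.fullmatch(otp):
        return False
    expected = yubikeys.get(username)
    return expected is not None and otp[:12] == expected


def deny_all(otp):
    """Fail-closed placeholder for the remote OTP validation call."""
    return False


def main(argv, verify=deny_all):
    # OpenVPN passes the temporary credentials file as the first argument
    # and treats exit status 0 as success, anything else as failure.
    try:
        username, otp = read_credentials(argv[1])
    except (IndexError, OSError, ValueError):
        return 1
    if not otp_matches_user(username, otp):
        return 1  # wrong key for this user, or not an OTP at all
    return 0 if verify(otp) else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The local check only rejects early; an OTP that passes it still has to be accepted by the validation service before the hook may exit 0.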