Re: Google Authenticator


Rob Brien

Sep 15, 2019, 8:14:39 PM
to tunnelblick-discuss


On Monday, 16 September 2019 10:13:00 UTC+10, Rob Brien wrote:
Hi, this is my first post in this group.

I'm currently using Tunnelblick to connect to OpenVPN - my current configuration uses a CA along with Public and Secret keys to authenticate and works well. However, I'd like to add a second factor of authentication and ideally would like to use Google Authenticator.

Two questions:-

1. Is this possible, and
2. Is there a document detailing the setup?

Regards, Rob.

Larry Rosenman

Sep 15, 2019, 8:26:55 PM
to tunnelbli...@googlegroups.com
Yes, it's possible. I set up the google-authenticator PAM module.


--
You received this message because you are subscribed to the Google Groups "tunnelblick-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tunnelblick-dis...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/tunnelblick-discuss/d0c94592-f43a-4623-bb50-6cd2a6a1aa76%40googlegroups.com.


--
Larry Rosenman                     http://www.lerctr.org/~ler
Phone: +1 214-642-9640 (c)     E-Mail: larr...@gmail.com
US Mail: 5708 Sabbia Dr, Round Rock, TX 78665-2106

Rob Brien

Sep 15, 2019, 8:50:27 PM
to tunnelblick-discuss
Thanks Larry, I had installed the Google PAM but the client is still not requesting a code - it must be something simple so I'll go over the configs - I'm assuming the client itself doesn't need any modification.

Regards, Rob. 



Larry Rosenman

Sep 15, 2019, 8:54:48 PM
to tunnelbli...@googlegroups.com
client config:
static-challenge 2fa: 1

Server:
plugin /usr/lib/openvpn/plugins/openvpn-plugin-auth-pam.so openvpn login: USERNAME YubiKey OTP  2FA: OTP
static-challenge 2FA: 1
username-as-common-name

/etc/pam.d/openvpn:
auth              required       /lib/security/pam_google_authenticator.so secret=/etc/openvpn/google-authenticator/${USER} authtok_prompt=2FA: user=gauth forward_pass




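What the static-challenge setup in the message above puts on the wire, as an added example that is not part of the original thread: with `static-challenge` set, the OpenVPN client packs the password and the typed code into one password field of the form `SCRV1:<base64 password>:<base64 response>`, and the code is then checked as a time-based one-time password. The function names are hypothetical, the sample field and secret are constructed (the secret is the RFC 6238 test key), and the 30-second step, 6 digits and one-step drift window are assumed settings.

```python
import base64, hashlib, hmac, struct

# Constructed sample data: RFC 6238 test secret and a made-up password.
RFC_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"  # base32 of b"12345678901234567890"
SAMPLE_FIELD = "SCRV1:{}:{}".format(
    base64.b64encode(b"example-password").decode(),
    base64.b64encode(b"287082").decode())

def split_scrv1(field):
    """Split a static-challenge password field into (password, response)."""
    parts = field.split(":")
    if len(parts) != 3 or parts[0] != "SCRV1":
        raise ValueError("not a static-challenge (SCRV1) password field")
    try:
        password = base64.b64decode(parts[1], validate=True).decode("utf-8")
        response = base64.b64decode(parts[2], validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError) as exc:
        raise ValueError("malformed SCRV1 password field") from exc
    return password, response

def totp(secret_b32, unix_time, step=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1 (assumed defaults: 30 s step, 6 digits)."""
    key = base64.b32decode(secret_b32.upper())
    counter = struct.pack(">Q", int(unix_time) // step)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                      # dynamic truncation
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_otp(secret_b32, response, unix_time, window=1, step=30):
    """Accept the code for the current step or `window` steps either side."""
    if not (response.isdigit() and len(response) == 6):
        return False
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(secret_b32, unix_time + drift * step, step)
        ok |= hmac.compare_digest(expected, response)  # constant-time compare
    return ok

def check_login(field, secret_b32, unix_time):
    """Decode the field, then verify only the challenge response."""
    _password, response = split_scrv1(field)
    return verify_otp(secret_b32, response, unix_time)

if __name__ == "__main__":
    print(split_scrv1(SAMPLE_FIELD))
    print(check_login(SAMPLE_FIELD, RFC_SECRET, 59))
```

If the server log shows a password that does not start with `SCRV1:`, the client is not sending a challenge response at all, which points at the client-side `static-challenge` line rather than at PAM.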

Rob Brien

Sep 16, 2019, 2:32:54 AM
to tunnelblick-discuss
Thanks Larry, just need to reboot the server overnight and test.

Thanks for your support. Cheers, Rob.

