Project

General

Profile

Actions

Feature #13260

open

Add support for OpenVPN static-challenge

Added by Diego Cortassa 2 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Authentication
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Default

Description

When using Multi Factor authentication most OpenVPN clients offer a static-challenge option to make the client ask for the usual user and password plus an OTP. The client will pass a password in the form of a string containing "SCRV1:<password_base64>:<response_base64>"

OpnSense already support this with commit https://github.com/opnsense/core/commit/2c2eca7e2f25a46f96458e0d6d924541574cb9d8 as requested in this issue https://github.com/opnsense/core/issues/3290

It should be trivial to modify https://github.com/pfsense/pfsense/blob/master/src/etc/inc/openvpn.auth-user.php around line 45 https://github.com/pfsense/pfsense/blob/8f2f85c3d79f70dbde4332930ff81dd56c767e25/src/etc/inc/openvpn.auth-user.php#L45 in a similar way.

There is a similar request in the forums https://forum.netgate.com/topic/164678/openvpn-static-challenge-totp

No data to display

Actions

Also available in: Atom PDF