openvpn-2fa: Configure fake authentication credentials

These configuration options are required to make the client authenticate
itself against the server.

The server may then accept those credentials without any further ado or
ask for an OTP.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer
2022-05-04 14:58:18 +01:00
parent 5111dc3df3
commit a999886759


@@ -2441,17 +2441,16 @@ else
if ($vpnsettings{FRAGMENT} ne '' && $vpnsettings{DPROTOCOL} ne 'tcp' ) {
print CLIENTCONF "fragment $vpnsettings{'FRAGMENT'}\r\n";
}
if ($confighash{$cgiparams{'KEY'}}[43] eq 'on') {
print CLIENTCONF "auth-nocache\r\n";
print CLIENTCONF "auth-user-pass credentials\r\n";
print CLIENTCONF "static-challenge \"One Time Password (OTP): \" 1\r\n";
open(CLIENTCREDS, ">$tempdir/credentials") or die "Unable to open tempfile: $!";
print CLIENTCREDS "user\r\n";
print CLIENTCREDS "password";
close(CLIENTCREDS);
$zip->addFile( "$tempdir/credentials", "credentials") or die "Can't add file credentials\n";
}
# Disable storing any credentials in memory
print CLIENTCONF "auth-nocache\r\n";
# Set a fake user name for authentication
print CLIENTCONF "auth-token-user USER\r\n";
print CLIENTCONF "auth-token TOTP\r\n";
# If the server is asking for TOTP this needs to happen interactively
print CLIENTCONF "auth-retry interact\r\n";
if ($include_certs) {
print CLIENTCONF "\r\n";
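Review bot: The `auth-nocache`, `auth-token-user USER`, `auth-token TOTP` and `auth-retry interact` prints appear to be written for every exported profile, while the credentials block they seem to replace was guarded by `$confighash{$cgiparams{'KEY'}}[43] eq 'on'` (the +/- markers are lost on this page, so the sides are inferred from the commit message). If that reading is right, profiles for clients without OTP, including unattended ones, would presumably stop at an interactive prompt on an authentication failure instead of exiting; consider keeping the four prints inside `if ($confighash{$cgiparams{'KEY'}}[43] eq 'on') { ... }`. The comment above `auth-token-user` should also state that both values are fixed placeholders shared by all profiles, for example `# Placeholder values only, identical in every profile: they carry no secret, the server must rely on the certificate and the OTP`. The enclosing `if ($include_certs)` block continues outside the hunk.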