webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-27 19:23:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

OpenVPN: Add support for 2FA / One-Time Password

Browse Source 
Add two-factor authentication (2FA) to OpenVPN host connections with
one-time passwords.

The 2FA can be enabled or disabled per host connection and requires the
client to download it's configuration again after 2FA has beend enabled
for it.
Additionally the client needs to configure an TOTP application, like
"Google Authenticator" which then provides the second factor.
To faciliate this every connection with enabled 2FA
gets an "show qrcode" button after the "show file" button in the
host connection list to show the 2FA secret and an 2FA configuration QRCode.

When 2FA is enabled, the client needs to provide the second factor plus
the private key password (if set) to successfully authorize.

This only supports time based one-time passwords, TOTP with 30s
window and 6 digits, for now but we may update this in the future.

Signed-off-by: Timo Eissler <timo.eissler@ipfire.org>
This commit is contained in:
Timo Eissler
2022-04-08 10:50:20 +02:00
committed by Michael Tremer
parent dc124917e3
commit e1e10515ec
9 changed files with 255 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
config/httpd/vhosts.d/ipfire-interface-ssl.conf
View File

@@ -21,7 +21,7 @@
SSLCertificateKeyFile /etc/httpd/server-ecdsa.key
Header always set X-Content-Type-Options nosniff
Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'"
Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:"
Header always set Referrer-Policy strict-origin
Header always set X-Frame-Options sameorigin

2
config/httpd/vhosts.d/ipfire-interface.conf
View File

@@ -7,7 +7,7 @@
RewriteRule .* - [F]
Header always set X-Content-Type-Options nosniff
Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'"
Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src: 'self' data:"
Header always set Referrer-Policy strict-origin
Header always set X-Frame-Options sameorigin