OpenVPN: Add support for 2FA / One-Time Password

Add two-factor authentication (2FA) to OpenVPN host connections with one-time passwords. The 2FA can be enabled or disabled per host connection and requires the client to download it's configuration again after 2FA has beend enabled for it. Additionally the client needs to configure an TOTP application, like "Google Authenticator" which then provides the second factor. To faciliate this every connection with enabled 2FA gets an "show qrcode" button after the "show file" button in the host connection list to show the 2FA secret and an 2FA configuration QRCode. When 2FA is enabled, the client needs to provide the second factor plus the private key password (if set) to successfully authorize. This only supports time based one-time passwords, TOTP with 30s window and 6 digits, for now but we may update this in the future. Signed-off-by: Timo Eissler <timo.eissler@ipfire.org>
2026-04-26 19:00:34 +02:00 · 2022-04-08 10:50:20 +02:00
parent dc124917e3
commit e1e10515ec
9 changed files with 255 additions and 6 deletions
--- a/html/html/images/qr-code.png
+++ b/html/html/images/qr-code.png
--- a/html/html/images/qr-code.svg
+++ b/html/html/images/qr-code.svg
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!-- Generator: Adobe Illustrator 19.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
+<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
+	 viewBox="0 0 512 512" style="enable-background:new 0 0 512 512;" xml:space="preserve">
+<path d="M0,0v233.739h233.739V0H0z M200.348,200.348H33.391V33.391h166.957V200.348z"/>
+<rect x="66.783" y="66.783" width="100.174" height="100.174"/>
+<path d="M278.261,0v233.739H512V0H278.261z M478.609,200.348H311.652V33.391h166.957V200.348z"/>
+<rect x="345.043" y="66.783" width="100.174" height="100.174"/>
+<path d="M0,278.261V512h233.739V278.261H0z M200.348,478.609H33.391V311.652h166.957V478.609z"/>
+<rect x="66.783" y="345.043" width="100.174" height="100.174"/>
+<polygon points="278.261,278.261 278.261,512 345.043,512 345.043,478.609 311.652,478.609 311.652,411.826 345.043,411.826 
+	345.043,378.435 311.652,378.435 311.652,311.652 345.043,311.652 345.043,278.261 "/>
+<rect x="478.609" y="278.261" width="33.391" height="33.391"/>
+<polygon points="478.609,478.609 445.217,478.609 445.217,512 512,512 512,356.174 478.609,356.174 "/>
+<rect x="378.435" y="278.261" width="66.783" height="33.391"/>
+<polygon points="445.217,411.826 411.826,411.826 411.826,378.435 445.217,378.435 445.217,345.043 378.435,345.043 
+	378.435,445.217 445.217,445.217 "/>
+<rect x="378.435" y="478.609" width="33.391" height="33.391"/>
+<g>
+</g>
+<g>
+</g>
+<g>
+</g>
+<g>
+</g>
+<g>
+</g>
+<g>
+</g>
+<g>
+</g>
+<g>
+</g>
+<g>
+</g>
+<g>
+</g>
+<g>
+</g>
+<g>
+</g>
+<g>
+</g>
+<g>
+</g>
+<g>
+</g>
+</svg>