webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
bpfire/config/httpd/vhosts.d/ipfire-interface.conf
Timo Eissler e1e10515ec OpenVPN: Add support for 2FA / One-Time Password 
Add two-factor authentication (2FA) to OpenVPN host connections with
one-time passwords.

The 2FA can be enabled or disabled per host connection and requires the
client to download it's configuration again after 2FA has beend enabled
for it.
Additionally the client needs to configure an TOTP application, like
"Google Authenticator" which then provides the second factor.
To faciliate this every connection with enabled 2FA
gets an "show qrcode" button after the "show file" button in the
host connection list to show the 2FA secret and an 2FA configuration QRCode.

When 2FA is enabled, the client needs to provide the second factor plus
the private key password (if set) to successfully authorize.

This only supports time based one-time passwords, TOTP with 30s
window and 6 digits, for now but we may update this in the future.

Signed-off-by: Timo Eissler <timo.eissler@ipfire.org>
2022-06-17 10:20:17 +00:00

46 lines
1.5 KiB
Plaintext
Raw Permalink Blame History

<VirtualHost *:81>
DocumentRoot /srv/web/ipfire/html
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
RewriteRule .* - [F]
Header always set X-Content-Type-Options nosniff
Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src: 'self' data:"
Header always set Referrer-Policy strict-origin
Header always set X-Frame-Options sameorigin
<Directory /srv/web/ipfire/html>
Options ExecCGI
AllowOverride None
Require all granted
</Directory>
<DirectoryMatch "/srv/web/ipfire/html/(graphs|sgraph)">
Options SymLinksIfOwnerMatch
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=301,L]
</DirectoryMatch>
ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/
<Directory /srv/web/ipfire/cgi-bin>
Options SymLinksIfOwnerMatch
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}:444/$1 [R=301,L]
</Directory>
Alias /updatecache/ /var/updatecache/
<Directory /var/updatecache>
Options ExecCGI
AllowOverride None
Require all granted
</Directory>
Alias /repository/ /var/urlrepo/
<Directory /var/urlrepo>
Options ExecCGI
AllowOverride None
Require all granted
</Directory>
Alias /wpad.dat /srv/web/ipfire/html/proxy.pac
</VirtualHost>
Reference in New Issue View Git Blame Copy Permalink