Bug 13109

Summary:	openVPN, 2FA - client does not ask for One Time Token
Product:	IPFire	Reporter:	Heino Gutschmidt <heino.gutschmidt>
Component:	---	Assignee:	Michael Tremer <michael.tremer>
Status:	CLOSED FIXED	QA Contact:
Severity:	Security
Priority:	- Unknown -	CC:	adolf.belka, michael.tremer
Version:	2
Hardware:	all
OS:	Unspecified

Description Heino Gutschmidt 2023-05-19 11:07:23 UTC

OpenVPN client does not ask for One Time Token (if OTP is enabled for the user and the client package provided by IPFire is used to connect)

verified versions:

  - IPFire 2.27 (x86_64) - Core-Update 170 and 174
  - oss openVPN client 2.5.8 and 2.6.4


workaround: 

  - add option "auth-user-pass" to client's config file

fix:

  - insert into /srv/web/ipfire/cgi-bin/ovpnmain.cgi (around line 2452):

    print CLIENTCONF "auth-user-pass\r\n";

Comment 1 Adolf Belka 2025-04-16 13:25:46 UTC

As this bug is related to IPFire-2.x then the component should always be --- as per the IPFire bug reporting documentation.

Comment 2 Michael Tremer 2025-05-12 17:21:35 UTC

> https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=1bf8788ff466d9c4f261c3979bc5924ecaa85fc0

Thank you for reporting this.

Comment 3 Adolf Belka 2025-07-01 09:42:12 UTC

https://www.ipfire.org/blog/ipfire-2-29-core-update-196-is-available-for-testing

Comment 4 Adolf Belka 2025-09-24 20:43:06 UTC

https://www.ipfire.org/blog/ipfire-2-29-core-update-196-released