13109 – openVPN, 2FA - client does not ask for One Time Token

Bug 13109 - openVPN, 2FA - client does not ask for One Time Token

Summary: openVPN, 2FA - client does not ask for One Time Token

Status:	NEW

Alias:	None

Product:	IPFire
Classification:	Unclassified
Component:	openvpn (show other bugs)
Version:	2
Hardware:	all Unspecified

Importance:	- Unknown - Security
Assignee:	Assigned to nobody - feel free to grab it and work on it
QA Contact:

URL:
Keywords:

Depends on:
Blocks:

Reported:	2023-05-19 11:07 UTC by Heino Gutschmidt
Modified:	2023-05-19 11:07 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Heino Gutschmidt 2023-05-19 11:07:23 UTC

OpenVPN client does not ask for One Time Token (if OTP is enabled for the user and the client package provided by IPFire is used to connect)

verified versions:

  - IPFire 2.27 (x86_64) - Core-Update 170 and 174
  - oss openVPN client 2.5.8 and 2.6.4


workaround: 

  - add option "auth-user-pass" to client's config file

fix:

  - insert into /srv/web/ipfire/cgi-bin/ovpnmain.cgi (around line 2452):

    print CLIENTCONF "auth-user-pass\r\n";