GNOME Bugzilla – Bug 752740
[RFE] support OpenVPN challenge-response authentication
Last modified: 2016-03-24 21:30:07 UTC
We've just enabled Google authenticators on our VPN server. This is working perfectly with all of the official clients, but not NetworkManager. It appears that NM's OpenVPN component does not support OpenVPN's challenge/response protocol.

See these links for more info:

https://docs.openvpn.net/docs/access-server/openvpn-access-server-command-line-tools.html#google-authenticator-faq (under "Q: When Google Authenticator is enabled for an account, how does that affect the Access Server REST API?")

https://github.com/OpenVPN/openvpn/blob/master/doc/management-notes.txt (last section of the document)

How to reproduce: Try to login to an OpenVPN server with an account that has a Google Authenticator enabled.

Expected results: NM prompts for the TOTP code and uses it to authenticate.

Actual results: NM fails, leaving these messages in syslogs:

Jul 22 16:04:06 blackkingbar nm-openvpn[24442]: AUTH: Received control message: AUTH_FAILED,CRV1:R,E:Nik4RUNdWU3u8AvxvyTRUCjog/i4w3Ef:YnNsdXNreQ==:OTP Token:
Jul 22 16:04:06 blackkingbar nm-openvpn[24442]: SIGUSR1[soft,auth-failure] received, process restarting
Can I expand this bug to include support for "static-challenge" support as well? Effectively we have exactly the same set-up, but instead of the challenge-response method, we use the static-challenge method, but essentially it is the same, it'll just require an additional configuration setting.
(In reply to russell from comment #1)
> Can I expand this bug to include support for "static-challenge" support as
> well? Effectively we have exactly the same set-up, but instead of the
> challenge-response method, we use the static-challenge method, but
> essentially it is the same, it'll just require an additional configuration
> setting.

Let's close this as duplicate of bug 751842 and copy your request there.

*** This bug has been marked as a duplicate of bug 751842 ***
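For reference, an added sketch (not part of the bug thread and not NetworkManager-openvpn code) of what a client has to do with the AUTH_FAILED,CRV1 control message from the original report, and with the static-challenge variant from comment #1. The field layout follows the challenge/response section of OpenVPN's management-notes.txt; the names Challenge, parse_crv1, dynamic_response and static_response are hypothetical, and the sample message is constructed.

```python
import base64
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class Challenge:
    echo: bool               # flag E: the typed response may be echoed
    response_required: bool  # flag R: the user must supply a response
    state_id: str            # opaque token, returned to the server unchanged
    username: str            # decoded from the base64 field
    text: str                # prompt to show the user


def parse_crv1(message: str) -> Optional[Challenge]:
    """Parse 'AUTH_FAILED,CRV1:<flags>:<state_id>:<b64 user>:<text>'.

    Returns None for an AUTH_FAILED that carries no challenge.
    """
    prefix = "AUTH_FAILED,"
    if not message.startswith(prefix + "CRV1:"):
        return None
    # maxsplit=4: the challenge text comes last and may itself contain ':'
    parts = message[len(prefix):].split(":", 4)
    if len(parts) != 5:
        raise ValueError("malformed CRV1 challenge")
    _, flags, state_id, user_b64, text = parts
    flag_set = set(flags.split(","))
    username = base64.b64decode(user_b64, validate=True).decode("utf-8")
    return Challenge("E" in flag_set, "R" in flag_set, state_id, username, text)


def dynamic_response(ch: Challenge, otp: str) -> Tuple[str, str]:
    """(username, password) to send when reconnecting after a CRV1 challenge."""
    return ch.username, "CRV1::%s::%s" % (ch.state_id, otp)


def static_response(password: str, otp: str) -> str:
    """Password field for the static-challenge variant (SCRV1)."""
    def b64(s: str) -> str:
        return base64.b64encode(s.encode("utf-8")).decode("ascii")
    return "SCRV1:%s:%s" % (b64(password), b64(otp))


if __name__ == "__main__":
    # Constructed sample: state id and user name are made up for illustration.
    sample = "AUTH_FAILED,CRV1:R,E:c3RhdGUtaWQtMTIz:YWxpY2U=:OTP Token:"
    ch = parse_crv1(sample)
    print(ch)
    print(dynamic_response(ch, "123456"))
    print(static_response("example-password", "123456"))
```

A client that treats this message as an ordinary authentication failure restarts, as in the syslog lines above, instead of prompting for the code and reconnecting with the CRV1 response.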