Comments (8)
@selvanair: thanks for your detailed explanation. I got it working now with "client-pending-auth" and a cr_text challenge and can confirm that it is working as expected without username and password.
from openvpn.
from openvpn.
That is fantastic news. Thank you! What about (2)?
from openvpn.
from openvpn.
No worries and thanks for your effort.
That would also work for our case, however we don't want to have the need to enter the username but have it derived from the certificate as is the default behavior.
from openvpn.
Static challenge is intimately coupled with auth-user-pass and cannot be used without it. Also embedding username/password with static-challenge enabled will work only for users who run from command line (and possibly via systemd). When using a UI that talks to the management interface (like Windows OpenVPN-GUI), the challenge will not get queried if user/pass are embedded or read from a file.
For your use case, it may be better to send a CR_TEXT challenge form the server using client-pending-auth
via management interface. For details see: https://github.com/OpenVPN/openvpn/blob/master/doc/management-notes.txt It will require some re-thinking of how server-side verification is implemented.
from openvpn.
Yes. As @selvanair explains it is very unlikely that we improve the old 2FA methods since we now have the much more flexible pending auth/crtext method.
from openvpn.
Closing the issue since the features are already implemented.
from openvpn.
Related Issues (20)
- OpenVPN with mbed TLS: no warning for unsupported LZO compression — successfully connects without warning but not operable HOT 8
- DNS for remote server not refreshed after power hibernation and restoring HOT 3
- --preresolve is not documented HOT 1
- Installation package download problem HOT 2
- key_state_gen_auth_control_files has subtle logic mistake HOT 2
- The OpenVPN process exits unexpectedly when using the DCO kernel module HOT 15
- tapctl.exe creates an adapter, but fails to rename it HOT 5
- Problems when reconnecting OpenVPN HOT 1
- I'm getting a certificate error when I use OpenVPN to access a website with HSTS turned on.
- The openvpn client suddenly disconnects HOT 3
- VPN stop working HOT 4
- Debian / Ubuntu: OpenVPN apt repositories HOT 2
- Unfair treatment for "Stub" Compression push? HOT 4
- connect error on kali linux HOT 9
- The visited host is unable to obtain the client IP of OpenVPN, only the IP of the OpenVPN server will be obtained HOT 1
- Cannot connect more than one client from behind a NAT firewall HOT 12
- openvpn tls handshake error in some isp like mci HOT 1
- Can openvpn’s open ports handle the following attacks? HOT 5
- Continuously sending DNS (queries/responses) HOT 4
- Name resolution not refreshed after "power hibernate-restore" on OpenVPN client PCs HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from openvpn.