git.ipfire.org Git - ipfire-2.x.git/commit

author	Timo Eissler <timo.eissler@ipfire.org>
	Fri, 8 Apr 2022 08:50:20 +0000 (10:50 +0200)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Fri, 17 Jun 2022 10:20:17 +0000 (10:20 +0000)
commit	e1e10515ece3bbe51936d572f32b14f02db6750d
tree	5ae634e969e34adbb4260f4040d5acbdb3689a5e	tree \| snapshot
parent	dc124917e3a0468ae4f1a4c6fe15ed3c68fc2f62	commit \| diff

OpenVPN: Add support for 2FA / One-Time Password

Add two-factor authentication (2FA) to OpenVPN host connections with
one-time passwords.

The 2FA can be enabled or disabled per host connection and requires the
client to download it's configuration again after 2FA has beend enabled
for it.
Additionally the client needs to configure an TOTP application, like
"Google Authenticator" which then provides the second factor.
To faciliate this every connection with enabled 2FA
gets an "show qrcode" button after the "show file" button in the
host connection list to show the 2FA secret and an 2FA configuration QRCode.

When 2FA is enabled, the client needs to provide the second factor plus
the private key password (if set) to successfully authorize.

This only supports time based one-time passwords, TOTP with 30s
window and 6 digits, for now but we may update this in the future.

Signed-off-by: Timo Eissler <timo.eissler@ipfire.org>

config/httpd/vhosts.d/ipfire-interface-ssl.conf		diff \| blob \| blame \| history
config/httpd/vhosts.d/ipfire-interface.conf		diff \| blob \| blame \| history
config/ovpn/otp-verify	[new file with mode: 0644]	blob
html/cgi-bin/ovpnmain.cgi		diff \| blob \| blame \| history
html/html/images/qr-code.png	[new file with mode: 0644]	blob
html/html/images/qr-code.svg	[new file with mode: 0644]	blob
langs/de/cgi-bin/de.pl		diff \| blob \| blame \| history
langs/en/cgi-bin/en.pl		diff \| blob \| blame \| history
lfs/openvpn		diff \| blob \| blame \| history