OpenVPN: Add auth-user-pass to the client configuration

Since we are doing a fake user authentication to get 2FA going, we need
to explicitley enable this. Usually clients were happy without this, but
somewhere it must have changed recently that clients require this set
explicitely.

Fixes: #13109 - openVPN, 2FA - client does not ask for One Time Token
Reported-by: Heino Gutschmidt <heino.gutschmidt@managedhosting.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/config/rootfiles/core/196/filelists/files b/config/rootfiles/core/196/filelists/files
index 70a9b7cfc158e4944e5714cb5e52679a1608c86c..1be17a34250a49cfda3fea0cd4143df5d174a75d 100644 (file)
--- a/config/rootfiles/core/196/filelists/files
+++ b/config/rootfiles/core/196/filelists/files
@@ -1,2 +1,3 @@
+srv/web/ipfire/cgi-bin/ovpnmain.cgi
 srv/web/ipfire/cgi-bin/pakfire.cgi
 var/ipfire/langs/list

diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 20f256f4b2e812099318385aaf419affca471d9f..92a72d7539bfaab2dc65a2c791a0db23f757c7c5 100644 (file)
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -2326,6 +2326,7 @@ else
     print CLIENTCONF "auth-nocache\r\n";
 
     # Set a fake user name for authentication
+    print CLIENTCONF "auth-user-pass\r\n";
     print CLIENTCONF "auth-token-user USER\r\n";
     print CLIENTCONF "auth-token TOTP\r\n";