From: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon, 12 May 2025 17:08:18 +0000 (+0000)
Subject: OpenVPN: Add auth-user-pass to the client configuration
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1bf8788ff466d9c4f261c3979bc5924ecaa85fc0;p=ipfire-2.x.git

OpenVPN: Add auth-user-pass to the client configuration

Since we are doing a fake user authentication to get 2FA going, we need
to explicitley enable this. Usually clients were happy without this, but
somewhere it must have changed recently that clients require this set
explicitely.

Fixes: #13109 - openVPN, 2FA - client does not ask for One Time Token
Reported-by: Heino Gutschmidt <heino.gutschmidt@managedhosting.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/config/rootfiles/core/196/filelists/files b/config/rootfiles/core/196/filelists/files
index 70a9b7cfc..1be17a342 100644
--- a/config/rootfiles/core/196/filelists/files
+++ b/config/rootfiles/core/196/filelists/files
@@ -1,2 +1,3 @@
+srv/web/ipfire/cgi-bin/ovpnmain.cgi
 srv/web/ipfire/cgi-bin/pakfire.cgi
 var/ipfire/langs/list
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 20f256f4b..92a72d753 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -2326,6 +2326,7 @@ else
     print CLIENTCONF "auth-nocache\r\n";
 
     # Set a fake user name for authentication
+    print CLIENTCONF "auth-user-pass\r\n";
     print CLIENTCONF "auth-token-user USER\r\n";
     print CLIENTCONF "auth-token TOTP\r\n";