From 1bf8788ff466d9c4f261c3979bc5924ecaa85fc0 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon, 12 May 2025 17:08:18 +0000
Subject: [PATCH] OpenVPN: Add auth-user-pass to the client configuration

Since we are doing a fake user authentication to get 2FA going, we need
to explicitley enable this. Usually clients were happy without this, but
somewhere it must have changed recently that clients require this set
explicitely.

Fixes: #13109 - openVPN, 2FA - client does not ask for One Time Token
Reported-by: Heino Gutschmidt <heino.gutschmidt@managedhosting.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 config/rootfiles/core/196/filelists/files | 1 +
 html/cgi-bin/ovpnmain.cgi                 | 1 +
 2 files changed, 2 insertions(+)

diff --git a/config/rootfiles/core/196/filelists/files b/config/rootfiles/core/196/filelists/files
index 70a9b7cfc1..1be17a3425 100644
--- a/config/rootfiles/core/196/filelists/files
+++ b/config/rootfiles/core/196/filelists/files
@@ -1,2 +1,3 @@
+srv/web/ipfire/cgi-bin/ovpnmain.cgi
 srv/web/ipfire/cgi-bin/pakfire.cgi
 var/ipfire/langs/list
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 20f256f4b2..92a72d7539 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -2326,6 +2326,7 @@ else
     print CLIENTCONF "auth-nocache\r\n";
 
     # Set a fake user name for authentication
+    print CLIENTCONF "auth-user-pass\r\n";
     print CLIENTCONF "auth-token-user USER\r\n";
     print CLIENTCONF "auth-token TOTP\r\n";
 
-- 
2.39.5