git.ipfire.org Git - people/teissler/ipfire-2.x.git/commit

author	Timo Eissler <timo.eissler@ipfire.org>
	Fri, 8 Apr 2022 08:50:20 +0000 (10:50 +0200)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Mon, 16 May 2022 13:56:22 +0000 (13:56 +0000)
commit	fe255e82d855ee72666fdcfaec4f885039a5b45b
tree	6979376532512f838a014cf422f026879a2765f2	tree \| snapshot
parent	b432a7cd97a254a1175c47f4349436f4b896905c	commit \| diff

OpenVPN: Add support for 2FA / One-Time Password

Add two-factor authentication (2FA) to OpenVPN host connections with
one-time passwords.

The 2FA can be enabled or disabled per host connection and requires the
client to download it's configuration again after 2FA has beend enabled
for it.
Additionally the client needs to configure an TOTP application, like
"Google Authenticator" which then provides the second factor.
To faciliate this every connection with enabled 2FA
gets an "show qrcode" button after the "show file" button in the
host connection list to show the 2FA secret and an 2FA configuration QRCode.

When 2FA is enabled, the client needs to provide the second factor plus
the private key password (if set) to successfully authorize.

This only supports time based one-time passwords, TOTP with 30s
window and 6 digits, for now but we may update this in the future.

Signed-off-by: Timo Eissler <timo.eissler@ipfire.org>

config/httpd/vhosts.d/ipfire-interface-ssl.conf		diff \| blob \| blame \| history
config/httpd/vhosts.d/ipfire-interface.conf		diff \| blob \| blame \| history
config/ovpn/otp-verify	[new file with mode: 0644]	blob
html/cgi-bin/ovpnmain.cgi		diff \| blob \| blame \| history
html/html/images/qr-code.png	[new file with mode: 0644]	blob
html/html/images/qr-code.svg	[new file with mode: 0644]	blob
langs/de/cgi-bin/de.pl		diff \| blob \| blame \| history
langs/en/cgi-bin/en.pl		diff \| blob \| blame \| history
lfs/openvpn		diff \| blob \| blame \| history