git.ipfire.org Git - people/teissler/ipfire-2.x.git/commit
OpenVPN: Add support for 2FA / One-Time Password openvpn_2fa
author Timo Eissler <timo.eissler@ipfire.org>
Fri, 8 Apr 2022 08:50:20 +0000 (10:50 +0200)
committer Timo Eissler <timo.eissler@ipfire.org>
Fri, 8 Apr 2022 10:31:44 +0000 (12:31 +0200)
commit 536ca8d7549f5432a775ef7794e5b1ce5cd16bb3
tree 50cdd15877e5550c02e9762ae1e6aac6e9ac1d1a
parent 62f0f66e367f402598de121a5bfb7e99560b73d0
OpenVPN: Add support for 2FA / One-Time Password

Add two-factor authentication (2FA) to OpenVPN host connections with
one-time passwords.

The 2FA can be enabled or disabled per host connection and requires the
client to download its configuration again after 2FA has been enabled
for it.
Additionally the client needs to configure a TOTP application, like
"Google Authenticator" which then provides the second factor.
To facilitate this every connection with enabled 2FA
gets a "show qrcode" button after the "show file" button in the
host connection list to show the 2FA secret and a 2FA configuration QRCode.

When 2FA is enabled, the client needs to provide the second factor plus
the private key password (if set) to successfully authorize.

This only supports time-based one-time passwords, TOTP with 30s
window and 6 digits, for now but we may update this in the future.

Signed-off-by: Timo Eissler <timo.eissler@ipfire.org>
config/httpd/vhosts.d/ipfire-interface-ssl.conf
config/httpd/vhosts.d/ipfire-interface.conf
config/ovpn/otp-verify [new file with mode: 0644]
html/cgi-bin/ovpnmain.cgi
html/html/images/qr-code.png [new file with mode: 0644]
html/html/images/qr-code.svg [new file with mode: 0644]
langs/de/cgi-bin/de.pl
langs/en/cgi-bin/en.pl
lfs/openvpn
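
The commit message above names TOTP with a 30s window and 6 digits. The following is an added example, not code from this commit or from IPFire: a server-side check for such codes with clock-skew tolerance and replay refusal, plus the otpauth:// URI an authenticator app reads from a QR code. It assumes the 30s window is the RFC 6238 time step and HMAC-SHA1 is the algorithm; the function names, the `drift` and `last_step` parameters, the sample secret, and the "client1" / "ExampleVPN" labels are all constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import quote, urlencode

STEP, DIGITS = 30, 6  # the 30 s window and 6 digits named in the commit message
# Constructed sample secret: base32 of the RFC 6238 test key, not a real credential.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()


def totp(secret_b32, now):
    """RFC 6238 TOTP (HMAC-SHA1, assumed) for the time step containing `now`."""
    key = base64.b32decode(secret_b32.upper())
    counter = struct.pack(">Q", int(now) // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret_b32, code, now=None, drift=1, last_step=-1):
    """Return the matched time step, or None when the code is rejected.

    drift: neighbouring steps tolerated for clock skew (assumed policy).
    last_step: newest step already accepted for this client; codes for that
    step or older are refused, so a captured code cannot be replayed.
    """
    current = int(time.time() if now is None else now) // STEP
    matched = None
    for step_no in range(max(0, current - drift), current + drift + 1):
        expected = totp(secret_b32, step_no * STEP).encode()
        # Constant-time comparison, and no early exit from the loop.
        if hmac.compare_digest(expected, code.encode()) and step_no > last_step:
            matched = step_no
    return matched


def provisioning_uri(secret_b32, account, issuer):
    """otpauth:// URI in the form authenticator apps read from a QR code."""
    query = urlencode({"secret": secret_b32, "issuer": issuer,
                       "algorithm": "SHA1", "digits": DIGITS, "period": STEP})
    return f"otpauth://totp/{quote(issuer + ':' + account)}?{query}"


if __name__ == "__main__":
    print(verify(SAMPLE_SECRET, totp(SAMPLE_SECRET, 59), now=59, drift=0))
    print(provisioning_uri(SAMPLE_SECRET, "client1", "ExampleVPN"))
```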