dperson / openvpn-client

GNU Affero General Public License v3.0
2fa support #153

Closed ironicbadger closed 6 years ago

ironicbadger commented 6 years ago

Can this support a VPN which requires a HOTP-based PIN + token arrangement? I can supply the values programmatically, but manually is preferred for security reasons via stdin.

dperson commented 6 years ago

I have no experience in using HOTP / TOTP with openvpn... the man page was less than illuminating, just referencing something to set so that you don't have to enter a new HOTP if there is a network glitch. Do you just use the HOTP + pin as the password?

The command line connection doesn't support interactive username / password entry (at least it didn't when I started building this container). I really doubt that it supports interactive HOTP token + PIN entry...

dperson commented 6 years ago

I'm closing this for now, due to lack of response. You can still reply to it and I'll get a notification, and/or either of us can reopen the ticket.

rionnagel commented 2 years ago

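Hi, I think there's a way to use oathtool. For example, on my laptop I use a script to connect to the VPN via NetworkManager like this:

```bash
#!/bin/bash

# Generate the current TOTP code from the base32-encoded shared secret
TMP2FA=$(oathtool --totp -b MY_2FA_PERSISTENT_KEY)
# Feed the VPN password and the TOTP code to nmcli's interactive prompt
echo "MY_VPN_PASSWORD $TMP2FA" | nmcli connection up MY_VPN_NAME --ask
```

Maybe it's possible to use it this way with the basic openvpn client.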
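An added example, not code from this thread or from this repository: one way to try the idea above with the plain openvpn client while keeping the manual entry asked for in the first post, by typing the PIN and token code at the terminal and passing them through a short-lived, owner-only `--auth-user-pass` file. The function names `build_auth_file` and `connect` are hypothetical, and the password layout (PIN followed by the one-time code) is an assumption the thread never confirms.

```bash
#!/bin/bash
# Added example. Assumption: the server takes PIN followed by the
# one-time code as the password; adjust the printf below if yours differs.

# build_auth_file USER PIN OTP
# Writes a two-line openvpn credentials file (username, then password)
# readable only by its owner, and prints the file's path.
build_auth_file() (
    user=$1 pin=$2 otp=$3
    # Accept only a 6 to 8 digit code, so an empty or garbled value
    # is never sent to the server as part of a password.
    case $otp in
        ''|*[!0-9]*) echo "one-time code must be numeric" >&2; exit 1 ;;
    esac
    if [ "${#otp}" -lt 6 ] || [ "${#otp}" -gt 8 ]; then
        echo "one-time code must be 6 to 8 digits" >&2; exit 1
    fi
    umask 077
    file=$(mktemp) || exit 1
    printf '%s\n%s%s\n' "$user" "$pin" "$otp" > "$file"
    printf '%s\n' "$file"
)

# connect CONFIG USER
# Reads the PIN and the token code from the terminal, so neither the PIN
# nor the OTP seed has to be stored next to the VPN configuration.
connect() (
    config=$1 user=$2
    printf 'PIN: ' >&2
    stty -echo; IFS= read -r pin; stty echo; echo >&2
    printf 'One-time code: ' >&2
    IFS= read -r otp
    file=$(build_auth_file "$user" "$pin" "$otp") || exit 1
    # Delete the credentials file when openvpn exits, however it exits.
    trap 'rm -f "$file"' EXIT
    openvpn --config "$config" --auth-user-pass "$file" --auth-nocache
)

# Runs only when invoked as: ./vpn-2fa.sh connect CONFIG USER
if [ "${1:-}" = "connect" ]; then
    connect "$2" "$3"
fi
```

Generating the code with `oathtool` instead of typing it, as in the NetworkManager script above, means the OTP seed lives on the same machine as the password, so both factors are exposed together if that machine is compromised.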