kylemanna / docker-openvpn

🔒 OpenVPN server in a Docker container complete with an EasyRSA PKI CA
https://hub.docker.com/r/kylemanna/openvpn/
MIT License
8.68k stars, 2.38k forks

two factor authentication - cannot get it to work #557

Open part-time-githubber opened 4 years ago

part-time-githubber commented 4 years ago
  1. First, trying without two-factor

Pick a name for the $OVPN_DATA data volume container

OVPN_DATA="ovpn-data-example"

Initialize the $OVPN_DATA container that will hold the configuration files and certificates

docker volume rm $OVPN_DATA
docker volume create --name $OVPN_DATA

Generate server configuration

docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm kylemanna/openvpn ovpn_genconfig -u udp://100.64.19.178

Initialize the EasyRSA PKI

docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none -e EASYRSA_BATCH=1 --rm kylemanna/openvpn ovpn_initpki nopass

Start OpenVPN server process

docker run --name openvpn -v $OVPN_DATA:/etc/openvpn -d -p 1194:1194/udp --cap-add=NET_ADMIN --rm kylemanna/openvpn

Generate your client certificate (possibly without a password since you're using OTP)

docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm -it kylemanna/openvpn easyrsa build-client-full pankaj@example.com nopass

Retrieve the client configuration with embedded certificates

docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm kylemanna/openvpn ovpn_getclient pankaj@example.com > pankaj@example.com_1.ovpn

Can connect using the downloaded VPN config.

Docker logs for the OpenVPN server suggest AES-256-GCM is being used:

Mon Mar 9 04:40:59 2020 pankaj@example.com/172.17.0.1:55643 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Mar 9 04:40:59 2020 pankaj@example.com/172.17.0.1:55643 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

  2. Second, trying without two factor

Pick a name for the $OVPN_DATA data volume container

OVPN_DATA="ovpn-data-example"

Initialize the $OVPN_DATA container that will hold the configuration files and certificates

docker volume rm $OVPN_DATA
docker volume create --name $OVPN_DATA

Generate server configuration with -2

docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm kylemanna/openvpn ovpn_genconfig -u udp://100.64.19.178 -2

Initialize the EasyRSA PKI

docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none -e EASYRSA_BATCH=1 --rm kylemanna/openvpn ovpn_initpki nopass

Start OpenVPN server process

docker run --name openvpn -v $OVPN_DATA:/etc/openvpn -d -p 1194:1194/udp --cap-add=NET_ADMIN --rm kylemanna/openvpn

Generate your client certificate (possibly without a password since you're using OTP)

docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm -it kylemanna/openvpn easyrsa build-client-full pankaj@example.com nopass

Generate authentication configuration for your client. -t is needed to show QR code, -i is optional for interactive usage

docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm -it kylemanna/openvpn ovpn_otp_user pankaj@example.com

Retrieve the client configuration with embedded certificates

docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm kylemanna/openvpn ovpn_getclient pankaj@example.com > pankaj@example.com_2.ovpn

Cannot connect using the downloaded VPN config.

Nothing in the Docker logs, but testing with pamtester -v openvpn authenticate is good.

How do I debug/fix two-factor authentication?
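When pamtester accepts the code but the VPN login does not, one thing worth ruling out is a clock or window mismatch between the device generating the code and the server checking it, since the PAM module behind ovpn_otp_user validates a time-based one-time password. The following is an added example, not code from docker-openvpn or from the issue author: a minimal RFC 6238 TOTP verifier in Python that reads a secret file, computes the code for a given time, and accepts it only within a configurable window of 30-second steps. The secret file layout (base32 secret on the first line, options on lines starting with `" `, scratch codes after) and the WINDOW_SIZE semantics are assumed to mirror google-authenticator's format, and the secret and times are the published RFC 4226/6238 test vectors, so the expected codes are known.

```python
# Added example: minimal RFC 6238 TOTP check, the kind of validation a PAM
# OTP module performs. Secret file layout and WINDOW_SIZE handling are ASSUMED
# to mirror google-authenticator's format; all sample values are constructed.
import base64
import hashlib
import hmac
import struct

# Constructed sample in the assumed google-authenticator file layout:
# line 1 = base32 secret, '" ' lines = options, remaining lines = scratch codes.
# The secret is the RFC 4226/6238 test key "12345678901234567890" in base32.
SAMPLE_SECRET_FILE = """\
GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ
" RATE_LIMIT 3 30
" WINDOW_SIZE 3
" TOTP_AUTH
12345678
"""


def parse_secret_file(text):
    """Return (base32_secret, options dict, scratch code list)."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    secret, options, scratch = lines[0], {}, []
    for line in lines[1:]:
        if line.startswith('" '):
            name, *args = line[2:].split()
            options[name] = args
        else:
            scratch.append(line)
    return secret, options, scratch


def hotp(secret_b32, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamic truncation."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret_b32, unix_time, step=30, digits=6):
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step)."""
    return hotp(secret_b32, unix_time // step, digits)


def verify_totp(secret_b32, code, unix_time, window=3, step=30):
    """Accept `code` if it matches any of `window` consecutive steps centred on
    the current step (window=3 allows one step of skew either way)."""
    if not code.isdigit() or len(code) not in (6, 8):
        return False  # reject empty or malformed input before doing any math
    centre = unix_time // step
    half = (window - 1) // 2
    ok = False
    for counter in range(centre - half, centre + half + 1):
        if counter < 0:
            continue
        # evaluate every slot so timing does not reveal which one matched
        ok |= hmac.compare_digest(hotp(secret_b32, counter, len(code)), code)
    return ok


def verify_against_file(file_text, code, unix_time):
    """Verify using the secret and WINDOW_SIZE stored in the secret file."""
    secret, options, _ = parse_secret_file(file_text)
    window = int(options.get("WINDOW_SIZE", ["3"])[0])
    return verify_totp(secret, code, unix_time, window=window)


if __name__ == "__main__":
    secret, _, _ = parse_secret_file(SAMPLE_SECRET_FILE)
    print("code at t=59:", totp(secret, 59))  # RFC 6238 vector: 287082
    print("accepted one step late:", verify_against_file(SAMPLE_SECRET_FILE, "287082", 89))
    print("rejected two steps late:", verify_against_file(SAMPLE_SECRET_FILE, "287082", 119))
```

Running this against a copy of a user's secret file with the server's current time (e.g. `int(time.time())`) shows whether the code the phone displays is inside the accepted window; if it only verifies with a wider window, the clocks disagree rather than the PAM plumbing.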

PPillau commented 4 years ago

What exactly is your problem with this? Because I cannot get this to work either but for me it just says "authentication failed" on login...

part-time-githubber commented 4 years ago

I could get it to work finally. The sequence was something like:

export OVPN_DATA="ovpn-data-infra"
docker volume create --name $OVPN_DATA
docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm kylemanna/openvpn ovpn_genconfig -u udp://${google_compute_address.public_ip.address} -2
docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none -e EASYRSA_BATCH=1 --rm kylemanna/openvpn ovpn_initpki nopass

docker run --name openvpn -v $OVPN_DATA:/etc/openvpn -d -p 1194:1194/udp --cap-add=NET_ADMIN --rm kylemanna/openvpn

docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm kylemanna/openvpn easyrsa build-client-full ${chomp(var.auth_id)} nopass
sudo bash -c "docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm pankajmt/openvpn ovpn_otp_user ${chomp(var.auth_id)} > /var/static/${chomp(var.auth_id)}_secret.txt"
sudo bash -c "docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm kylemanna/openvpn ovpn_getclient ${chomp(var.auth_id)} > /var/static/${chomp(var.auth_id)}.ovpn"


-- पंकज एम तोलानी