install openvpn-openssl and luci-app-openvpn. A new page in the Luci web interface should appear. Click on VPN button in the bar and then on OpenVPN to open the OpenVPN config managment page (provided by the luci-app-openvpn package you just installed)
Here what I done : server. port 1194 proto udp dev tun ca "C:\\OpenVPN\\config\\ca.crt" cert "C:\\OpenVPN\\config\\server.crt" key "C:\\OpenVPN\\config\\server.key" # This file should be kept secret dh "C:\\OpenVPN\\config\\dh1024.pem" server 10.8.0.0 255.255.255.0 ifconfig-pool-persist ipp.txt client-to-client keepalive 10 120 comp-lzo persist-key persist-tun status openvpn-status.log verb 3 Nov 08, 2019 · # use username/password authentication auth-user-pass # do not cache auth info auth-nocache OpenVPN will re-negotiate username/password details every 3600 seconds by default. To disable that behaviour, add the following line to both client and server configs: # disable username/password renegotiation reneg-sec 0 auth-user-pass This tells OpenVPN client to ask the user for username and password or s/he will not be able to log in. You can also use "--auth-user-pass" (instead of the line in the config file) on the command line. I have split up the functions into separate files compared to predecessors (See page history). auth-user-pass-verify ./validate.sh via-env client-disconnect ./logoff.sh up ./openvpn.up Client config file port 1194 dev tap remote vpn.yourdomain.com tls-client auth-user-pass So may i have a question, how to create usename&password for auth-user-pass-verify. Where is it? Thaks Best Regard,
--auth-user-pass No file Using openvpn-gui does work. Using command: .\Config> openvpn client.ovpn for all 3 above *does* work. Due to the lack of complaints I presume not many people have tried this yet but this does not work as described in the manual.
--auth-user-pass [up] Authenticate with server using username/password. up is a file containing username/password on 2 lines (Note: OpenVPN will only read passwords from a file if it has been built with the --enable-password-save configure option, or on Windows by defining ENABLE_PASSWORD_SAVE in config-win32.h). Here what I done : server. port 1194 proto udp dev tun ca "C:\\OpenVPN\\config\\ca.crt" cert "C:\\OpenVPN\\config\\server.crt" key "C:\\OpenVPN\\config\\server.key" # This file should be kept secret dh "C:\\OpenVPN\\config\\dh1024.pem" server 10.8.0.0 255.255.255.0 ifconfig-pool-persist ipp.txt client-to-client keepalive 10 120 comp-lzo persist-key persist-tun status openvpn-status.log verb 3 Nov 08, 2019 · # use username/password authentication auth-user-pass # do not cache auth info auth-nocache OpenVPN will re-negotiate username/password details every 3600 seconds by default. To disable that behaviour, add the following line to both client and server configs: # disable username/password renegotiation reneg-sec 0 auth-user-pass This tells OpenVPN client to ask the user for username and password or s/he will not be able to log in. You can also use "--auth-user-pass" (instead of the line in the config file) on the command line. I have split up the functions into separate files compared to predecessors (See page history).
1 - Create a file in the OpenVPN/config folder named password.txt . On the first line type your user name. On the second line type your password . Save the file. 2 - Edit the .ovpn file referenced above in your launch string and find the line that reads 'auth-user-pass'. Change it to 'auth-user-pass password.txt'. Save and exit.
The purpose of this document is to guide readers through the configuration steps to use two factor authentication for OpenVPN using YubiKey. This document assumes that the reader has advanced knowledge and experience in Linux system administration, particularly for how PAM authentication mechanism is configured on a Linux platform.