mirror of
https://github.com/evgeny-gridasov/openvpn-otp.git
synced 2026-04-25 05:15:57 +03:00
[GH-ISSUE #21] Add option to skip token auth and rely on cert auth for specific users? #14
Originally created by @tomekwojcik on GitHub (Sep 5, 2017).
Original GitHub issue: https://github.com/evgeny-gridasov/openvpn-otp/issues/21
Hello!
First of all, thanks for the plugin and all the work you're putting into it. It's much appreciated.
With that being said, I'd like to ask if it would be possible for you to add an option (e.g. in the `otp_secrets` file) that would allow me to tell the plugin that this particular user doesn't require token auth. The thing is, I have a bunch of different devices connecting to my server. Some of them are other servers and there's no way for me to enter OTPs when they connect to the VPN. OTOH, I have devices like my phone that would greatly benefit from OTPs.
In any case, thanks again for the plugin and have a nice day :).
@evgeny-gridasov commented on GitHub (Sep 7, 2017):
Hi Tomek,
How about we have a static password option in configuration and use that? I think that should be easy to implement. Alternatively, you may generate OTP using `oathtool --totp -b YOURBASE32KEY` and put it in OpenVPN password file before connection.
@guywyers commented on GitHub (Dec 28, 2017):
Hi Tomek,
I have been having this same issue, but in the opposite direction: I have iOS users connecting with iOS "VPN On Demand" profiles. While this is a very cool feature, it doesn't allow any user interaction, so no passwords and no OTPs either.
What I settled on, after some head scratching, is to run different VPN instances on the server side. One listens on port A and imposes LDAP plus OTP authentication. The other listens on port B and does not require any user authentication. It allows me to beef up security as much as possible in that second config, knowing that there is no user authentication happening.
Just thought to let you know.
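
The `oathtool --totp -b` workaround suggested in the thread, as an added example that is not part of the original issue or the plugin's code: it computes the same RFC 6238 code (HMAC-SHA1, 30-second step, 6 digits) and writes an OpenVPN username/password file with owner-only permissions. The username `server01`, the file name `auth.txt` and the sample key (the RFC 6238 test seed) are assumptions, as is the premise that the account's password is the bare OTP.

```python
import base64, hashlib, hmac, os, struct, tempfile, time

# Constructed sample: the RFC 6238 test seed "12345678901234567890" in base32.
SAMPLE_KEY = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def totp(b32_key, now=None, step=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1, matching oathtool --totp -b defaults."""
    cleaned = b32_key.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)          # tolerate unpadded keys
    key = base64.b32decode(cleaned)
    counter = int(time.time() if now is None else now) // step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                        # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def write_auth_file(path, username, password):
    """Write username and password on two lines, atomically, mode 0600."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory)      # mkstemp creates the file 0600
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(f"{username}\n{password}\n")
        os.replace(tmp, path)                      # no window with a partial file
    except BaseException:
        os.unlink(tmp)
        raise

if __name__ == "__main__":
    # Hypothetical names; run this immediately before starting the client.
    with tempfile.TemporaryDirectory() as workdir:
        target = os.path.join(workdir, "auth.txt")
        write_auth_file(target, "server01", totp(SAMPLE_KEY))
        print(open(target).read(), end="")
```

A code is only valid for its 30-second step, so the file has to be regenerated right before each connection. Keeping the base32 key on the connecting host means the OTP is no longer an independent factor for that host, so the key needs the same protection as the client's private key.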