NetworkManager openvpn gnome with 2FA?

Dear Fedora Community,

Is it possible to set up a VPN connection (OpenVPN) on Fedora 30 when 2FA is activated?
The GNOME applet does not seem to ask for the Google Authenticator code.
Or do I have to enter my password and the authenticator code at the same time?

Can someone point me to the right documentation?
Google has a lot of docs, but mainly related to the server configuration…

Thanks,

regards,

Julien.

AFAICT you need to add the TOTP code to your password. So if your password is ‘mysecret’ and your TOTP code is 123456 then you should enter ‘mysecret123456’. Here is a nice HOWTO describing such a setup:
https://www.mikejonesey.co.uk/security/2fa/openvpn-with-2fa

If you have an Android phone then there’s the FreeOTP client on GitHub, with the app available at Google Play https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp or on F-Droid.

A note on FreeOTP: it seems to not be actively maintained any more (last commit is from 2017). Please use an active alternative instead. (I migrated to andOTP recently, which works quite well on Android.)

https://github.com/freeotp/freeotp-android/issues/207

I tried to pass the TOTP code with the password like you mentioned, but it failed.

I reread the documentation (by the way, I am trying to connect to an OpenVPN AS server)

and the command line to set up the connection is:
openvpn --config client.ovpn --auth-user-pass --auth-retry interact

So is the GNOME applet supposed to support this?

Or should I fall back to using the command line?

Thanks.

If you try the command line then you will hopefully get more information about what is happening. It may help to add --verb 4 to the command (see man openvpn). Are you sure that the OpenVPN server you are trying to connect to does support 2FA? Asking because 2FA requires installing additional software and configuration.

I forgot to report that the GNOME applet does support this OTP method.
It’s also a two-step login.

  • First you need to enter the login password
  • and gnome will pop up a second window asking for the OTP.

regards.
