![]() ![]() Sudo python3 -m pip install u2fval-2.0.2.tar.gz We've updated the package recently so it needs to be downloaded from our github and installed with the following: The plugin uses a python script which interfaces with the u2fval package. Now OpenVPN will support U2F, we can configure the server for U2F. Setting up openvpn (2.4.8-1ubuntu1u2f2) Installing U2F Requirements To confirm you've installed the right version of OpenVPN, during the last step you should see a version of OpenVPN installed containing 'u2f', for example: Sudo apt install openvpn openvpn-u2f-plugin python3-pip Sudo add-apt-repository ppa:sparklabs/ppaĪnd the install the modified OpenVPN, the U2F plugin for OpenVPN and other requirements. Sudo apt install software-properties-common Next, add our PPA so you can install the modified version of OpenVPN: We've done the heavy lifting for you for Ubuntu 18.04 and 20.04, however if you would like to view the patch, or recompile OpenVPN yourself, you can download the patches here and here, or view them in our PPA.įirst, remove your current OpenVPN install and any other apt repo's you have added for OpenVPN, we're assuming you've followed our Ubuntu guide: ![]() The follow instructions for Ubuntu assume that you have already setup an OpenVPN server using our Setting up an OpenVPN server with Ubuntu and Viscosity guide.Īs this is a newer type of 2FA, OpenVPN needs some modifications to support U2F. A dynamic DNS service is fine if you are connecting back to your home For a server you are hosting on a VPS though for example, we recommend you register a domain address, something like. U2F requires that you must connect to your OpenVPN server with a domain name, not an IP Address. If you want to add a new user to be able to authenticate, you can simply add the new user with the useradd command in Ubuntu.Ī final requirement to support U2F is your server must have a FQDN. PAM uses the Ubuntu's user management to authenticate against so we don't need to manage an extra database of username and passwords. PAM authentication is the simplest form of username/password authentication we can use with OpenVPN. A username and password using PAM, and a challenge request using a YubiKey's U2F support. This guide will add two more authentication steps. This guide assumes you have followed one of our server setup guides and you are already able to connect to the server we will be modifying using certificate/key authentication. Your OpenVPN server has a Fully Qualified Domain Name (FQDN), more information below.You have a YubiCo YubiKey that supports U2F.Your copy of Viscosity is at least version 1.7.7.You already have a copy of Viscosity installed on your client device and already setup for this server.You have already an OpenVPN server running using one of our guides.You have root access to this installation.You have already installed the latest version of Ubuntu LTS (18.04 or 20.04 at time of writing).This guide will expand on setting up an OpenVPN server on Ubuntu by adding U2F support to that server using Viscosity's built in U2F support which was added in version 1.7.7. One type of 2FA is U2F (Universal Two Factor) with a YubiKey. This adds another security measure to prevent unwanted users connecting to your server. One way to do that is to use 2FA (Two Factor Authentication). After setting up your own OpenVPN server, you may want to enhance it's security. ![]()
0 Comments
Leave a Reply. |