diff options
author | Christian Poessinger <christian@poessinger.com> | 2019-08-19 22:49:11 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2019-09-04 14:56:12 +0200 |
commit | f892e6846dc62ba992f8d233f0d8eb5a089249c3 (patch) | |
tree | b41923eb67243a029e261a1d0d2f68d1fab54b18 /src | |
parent | 212348145838e8791474b987efc624cba3fb8b00 (diff) | |
download | vyos-1x-f892e6846dc62ba992f8d233f0d8eb5a089249c3.tar.gz vyos-1x-f892e6846dc62ba992f8d233f0d8eb5a089249c3.zip |
openvpn: T1548: remove authy 2fa provider
According to https://github.com/twilio/authy-openvpn commit 3e5dc73:
> This plugin is no longer actively maintained. If you're interested in
becoming a maintainer, we welcome forks of this project.
In addition this plugin was always missing in the current branch ov VyOS and
did not make it into VyOS 1.2 (crux)
If 2FA for OpenVPN is required we should probably opt for Google Authenticator
or if possible a U2F device.
(cherry picked from commit 5d858f0e6ad05b032c88c88a08c15d0876c44e8b)
Diffstat (limited to 'src')
-rwxr-xr-x | src/conf_mode/interface-openvpn.py | 31 |
1 files changed, 0 insertions, 31 deletions
diff --git a/src/conf_mode/interface-openvpn.py b/src/conf_mode/interface-openvpn.py index e4bde7bb0..a8313378b 100755 --- a/src/conf_mode/interface-openvpn.py +++ b/src/conf_mode/interface-openvpn.py @@ -219,10 +219,6 @@ client-config-dir /opt/vyatta/etc/openvpn/ccd/{{ intf }} {% for option in options -%} {{ option }} {% endfor -%} - -{%- if server_2fa_authy_key %} -plugin /usr/lib/authy/authy-openvpn.so https://api.authy.com/protected/json {{ server_2fa_authy_key }} nopam -{% endif %} """ client_tmpl = """ @@ -269,8 +265,6 @@ default_config_data = { 'remote_address': '', 'remote_host': [], 'remote_port': '', - 'server_2fa_authy_key': '', - 'server_2fa_authy': [], 'client': [], 'server_domain': '', 'server_max_conn': '', @@ -453,31 +447,6 @@ def get_config(): if conf.exists('replace-default-route local'): openvpn['redirect_gateway'] = 'local def1' - # Two Factor Authentication providers - # currently limited to authy - if conf.exists('2-factor-authentication authy api-key'): - openvpn['server_2fa_authy_key'] = conf.return_value('2-factor-authentication authy api-key') - - # Authy users (must be email address) - for user in conf.list_nodes('server 2-factor-authentication authy user'): - # set configuration level - conf.set_level('interfaces openvpn ' + openvpn['intf'] + ' 2-factor-authentication authy user ' + user) - data = { - 'user': user, - 'country_code': '', - 'mobile_number': '' - } - - # Country calling codes - if conf.exists('country-calling-code'): - data['country_code'] = conf.return_value('country-calling-code') - - # Mobile phone number - if conf.exists('phone-number'): - data['mobile_number'] = conf.return_value('phone-number') - - openvpn['server_2fa_authy'].append(data) - # Topology for clients if conf.exists('server topology'): openvpn['server_topology'] = conf.return_value('server topology') |