author | Christian Poessinger <christian@poessinger.com> | 2019-08-19 22:49:11 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2019-08-19 23:45:24 +0200 |
commit | 5d858f0e6ad05b032c88c88a08c15d0876c44e8b (patch) | |
tree | dcc0e06387637222d13a719a48acd50dabdf4aa2 | |
parent | dc8cfa6dfd1d95890b3e14c928e3d2064451a851 (diff) | |
openvpn: T1548: remove authy 2fa provider
According to https://github.com/twilio/authy-openvpn commit 3e5dc73:
> This plugin is no longer actively maintained. If you're interested in
becoming a maintainer, we welcome forks of this project.
In addition, this plugin was always missing in the current branch of VyOS and
did not make it into VyOS 1.2 (crux).
If 2FA for OpenVPN is required we should probably opt for Google Authenticator
or if possible a U2F device.
-rw-r--r-- | interface-definitions/interfaces-openvpn.xml | 48 | ||||
-rwxr-xr-x | src/conf_mode/interface-openvpn.py | 31 |
2 files changed, 0 insertions, 79 deletions
diff --git a/interface-definitions/interfaces-openvpn.xml b/interface-definitions/interfaces-openvpn.xml
index d4e903c48..bb5c5a965 100644
--- a/interface-definitions/interfaces-openvpn.xml
+++ b/interface-definitions/interfaces-openvpn.xml
@@ -361,54 +361,6 @@
 <help>Server-mode options</help>
 </properties>
 <children>
- <node name="2-factor-authentication">
- <properties>
- <help>Two Factor Authentication providers</help>
- </properties>
- <children>
- <node name="authy">
- <properties>
- <help>Authy Two Factor Authentication providers</help>
- </properties>
- <children>
- <leafNode name="api-key">
- <properties>
- <help>Authy api key</help>
- </properties>
- </leafNode>
- <tagNode name="user">
- <properties>
- <help>Authy users (must be email address)</help>
- <constraint>
- <regex>[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$</regex>
- </constraint>
- <constraintErrorMessage>Invalid email address</constraintErrorMessage>
- </properties>
- <children>
- <leafNode name="country-calling-code">
- <properties>
- <help>Country calling codes</help>
- <constraint>
- <regex>[0-9]+$</regex>
- </constraint>
- <constraintErrorMessage>Invalid Country Calling Code</constraintErrorMessage>
- </properties>
- </leafNode>
- <leafNode name="phone-number">
- <properties>
- <help>Mobile phone number</help>
- <constraint>
- <regex>[0-9]+$</regex>
- </constraint>
- <constraintErrorMessage>Invalid Phone Number</constraintErrorMessage>
- </properties>
- </leafNode>
- </children>
- </tagNode>
- </children>
- </node>
- </children>
- </node>
 <tagNode name="client">
 <properties>
 <help>Client-specific settings</help>
diff --git a/src/conf_mode/interface-openvpn.py b/src/conf_mode/interface-openvpn.py
index e4bde7bb0..a8313378b 100755
--- a/src/conf_mode/interface-openvpn.py
+++ b/src/conf_mode/interface-openvpn.py
@@ -219,10 +219,6 @@ client-config-dir /opt/vyatta/etc/openvpn/ccd/{{ intf }} {% for option in options -%} {{ option }} {% endfor -%} - -{%- if server_2fa_authy_key %} -plugin /usr/lib/authy/authy-openvpn.so https://api.authy.com/protected/json {{ server_2fa_authy_key }} nopam -{% endif %} """ client_tmpl = """ @@ -269,8 +265,6 @@ default_config_data = { 'remote_address': '', 'remote_host': [], 'remote_port': '', - 'server_2fa_authy_key': '', - 'server_2fa_authy': [], 'client': [], 'server_domain': '', 'server_max_conn': '', @@ -453,31 +447,6 @@ def get_config(): if conf.exists('replace-default-route local'): openvpn['redirect_gateway'] = 'local def1' - # Two Factor Authentication providers - # currently limited to authy - if conf.exists('2-factor-authentication authy api-key'): - openvpn['server_2fa_authy_key'] = conf.return_value('2-factor-authentication authy api-key') - - # Authy users (must be email address) - for user in conf.list_nodes('server 2-factor-authentication authy user'): - # set configuration level - conf.set_level('interfaces openvpn ' + openvpn['intf'] + ' 2-factor-authentication authy user ' + user) - data = { - 'user': user, - 'country_code': '', - 'mobile_number': '' - } - - # Country calling codes - if conf.exists('country-calling-code'): - data['country_code'] = conf.return_value('country-calling-code') - - # Mobile phone number - if conf.exists('phone-number'): - data['mobile_number'] = conf.return_value('phone-number') - - openvpn['server_2fa_authy'].append(data) - # Topology for clients if conf.exists('server topology'): openvpn['server_topology'] = conf.return_value('server topology') |