summaryrefslogtreecommitdiff
path: root/data/templates/openvpn
diff options
context:
space:
mode:
authorzdc <zdc@users.noreply.github.com>2021-11-01 17:04:11 +0200
committerGitHub <noreply@github.com>2021-11-01 17:04:11 +0200
commit1b7c879b9fed2f4563477039bc6ddf4dc0db5829 (patch)
treea0ea609a933a4d2e54d5712e2b1671a19181c372 /data/templates/openvpn
parent3fd2ff423b6c6e992b2ed531c7ba99fb9e1a2123 (diff)
parent85bf315f71b411e3cdcd19793c4f7e1e5efed917 (diff)
downloadvyos-1x-1b7c879b9fed2f4563477039bc6ddf4dc0db5829.tar.gz
vyos-1x-1b7c879b9fed2f4563477039bc6ddf4dc0db5829.zip
Merge branch 'current' into T3350-sagitta
Diffstat (limited to 'data/templates/openvpn')
-rw-r--r--data/templates/openvpn/server.conf.tmpl6
1 files changed, 6 insertions, 0 deletions
diff --git a/data/templates/openvpn/server.conf.tmpl b/data/templates/openvpn/server.conf.tmpl
index 213c5c785..7a0470d0e 100644
--- a/data/templates/openvpn/server.conf.tmpl
+++ b/data/templates/openvpn/server.conf.tmpl
@@ -126,6 +126,12 @@ push "dhcp-option DNS6 {{ nameserver }}"
{% if server.domain_name is defined and server.domain_name is not none %}
push "dhcp-option DOMAIN {{ server.domain_name }}"
{% endif %}
+{% if server.mfa is defined and server.mfa is not none %}
+{% if server.mfa.totp is defined and server.mfa.totp is not none %}
+{% set totp_config = server.mfa.totp %}
+plugin "{{ plugin_dir}}/openvpn-otp.so" "otp_secrets=/config/auth/openvpn/{{ ifname }}-otp-secrets {{ 'otp_slop=' ~ totp_config.slop }} {{ 'totp_t0=' ~ totp_config.drift }} {{ 'totp_step=' ~ totp_config.step }} {{ 'totp_digits=' ~ totp_config.digits }} password_is_cr={{ '1' if totp_config.challenge == 'enable' else '0' }}"
+{% endif %}
+{% endif %}
{% endif %}
{% else %}
#