diff options
| author | Kim <kim.sidney@gmail.com> | 2021-10-31 14:05:28 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-10-31 14:05:28 +0100 |
| commit | 629c169a43ffcff4a820cdafaeca430141815829 (patch) | |
| tree | 3fb7e28ad4da617c29977d95dac6c41690b291c8 /data | |
| parent | 062422db04f5ec6fd0a769f0d71faf4efa2d377f (diff) | |
| parent | 28db7b15426fffc0f656e8d26db397d7bfb72aee (diff) | |
| download | vyos-1x-629c169a43ffcff4a820cdafaeca430141815829.tar.gz vyos-1x-629c169a43ffcff4a820cdafaeca430141815829.zip | |
openvpn: T3834: Support for Two Factor Authentication totp
Diffstat (limited to 'data')
| -rw-r--r-- | data/templates/openvpn/server.conf.tmpl | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/data/templates/openvpn/server.conf.tmpl b/data/templates/openvpn/server.conf.tmpl index bdf88b85f..bc2790965 100644 --- a/data/templates/openvpn/server.conf.tmpl +++ b/data/templates/openvpn/server.conf.tmpl @@ -126,6 +126,12 @@ push "dhcp-option DNS6 {{ nameserver }}" {% if server.domain_name is defined and server.domain_name is not none %} push "dhcp-option DOMAIN {{ server.domain_name }}" {% endif %} +{% if server.mfa is defined and server.mfa is not none %} +{% if server.mfa.totp is defined and server.mfa.totp is not none %} +{% set totp_config = server.mfa.totp %} +plugin "{{ plugin_dir}}/openvpn-otp.so" "otp_secrets=/config/auth/openvpn/{{ ifname }}-otp-secrets {{ 'otp_slop=' ~ totp_config.slop }} {{ 'totp_t0=' ~ totp_config.drift }} {{ 'totp_step=' ~ totp_config.step }} {{ 'totp_digits=' ~ totp_config.digits }} password_is_cr={{ '1' if totp_config.challenge == 'enable' else '0' }}" +{% endif %} +{% endif %} {% endif %} {% else %} # |