summaryrefslogtreecommitdiff
path: root/interface-definitions/interfaces-openvpn.xml.in
diff options
context:
space:
mode:
authorKim Hagen <kim@sentrium.io>2021-08-17 07:04:34 -0500
committerKim Hagen <kim@sentrium.io>2021-08-17 07:04:34 -0500
commit6748dbe0100cfedf1b2f00884899e71729bfa9f3 (patch)
treee0499def57db0aa43328852f1f187af9cfcbb4d5 /interface-definitions/interfaces-openvpn.xml.in
parent415e572dfba776a981e2ec1e4331c30cd5cb59f3 (diff)
downloadvyos-1x-6748dbe0100cfedf1b2f00884899e71729bfa9f3.tar.gz
vyos-1x-6748dbe0100cfedf1b2f00884899e71729bfa9f3.zip
add part 2fa
Diffstat (limited to 'interface-definitions/interfaces-openvpn.xml.in')
-rw-r--r--interface-definitions/interfaces-openvpn.xml.in47
1 files changed, 47 insertions, 0 deletions
diff --git a/interface-definitions/interfaces-openvpn.xml.in b/interface-definitions/interfaces-openvpn.xml.in
index 7ff08ac86..1a07e7d91 100644
--- a/interface-definitions/interfaces-openvpn.xml.in
+++ b/interface-definitions/interfaces-openvpn.xml.in
@@ -635,6 +635,53 @@
</properties>
<defaultValue>net30</defaultValue>
</leafNode>
+ <node name="2fa">
+ <properties>
+ <help>2-factor authentication</help>
+ </properties>
+ <children>
+ <node name="totp">
+ <properties>
+ <help>Time-based One-Time Passwords</help>
+ </properties>
+ <children>
+ <leafNode name="slop">
+ <properties>
+ <help>Maximum allowed clock slop in seconds (default: 180)</help>
+ </properties>
+ <defaultValue>180</defaultValue>
+ </leafNode>
+ <leafNode name="t0">
+ <properties>
+ <help>time drift in seconds (default: 0)</help>
+ </properties>
+ <defaultValue>0</defaultValue>
+ </leafNode>
+ <leafNode name="step">
+ <properties>
+ <help>Step value for TOTP in seconds (default: 30)</help>
+ </properties>
+ <defaultValue>30</defaultValue>
+ </leafNode>
+ <leafNode name="digits">
+ <properties>
+ <help>Number of digits to use from TOTP hash (default: 6)</help>
+ </properties>
+ <defaultValue>6</defaultValue>
+ </leafNode>
+ <leafNode name="challenge">
+ <properties>
+ <help>expect password as result of a challenge response protocol (default: enabled)</help>
+ <constraint>
+ <regex>^(enable|disable)$</regex>
+ </constraint>
+ </properties>
+ <defaultValue>enable</defaultValue>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </node>
</children>
</node>
<leafNode name="shared-secret-key">