
Optional 2FA support for OpenVPN (requires uncommenting on the server and pushing new client configs)

Justin Plock 10 years ago
parent
commit
921ae6957e

+ 1
- 0
roles/vpn/files/etc_pam.d_openvpn

@@ -0,0 +1 @@
1
+auth required pam_google_authenticator.so
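
Review bot: the PAM service defined by the single line `auth required pam_google_authenticator.so` has no `account` entry and no comment explaining what it is for. With only the TOTP module in the stack, whatever the client sends as its password via auth-user-pass is checked as a verification code and nothing else, so the factors in play are the client certificate plus a one-time code, not a system password plus a code; a comment at the top of the file should say so. Consider adding an explicit `account` line as well, so the account phase does not depend on the host's fallback PAM policy.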

+ 4
- 0
roles/vpn/tasks/openvpn.yml

@@ -118,6 +118,10 @@
118 118
   copy: src=etc_dnsmasq.conf dest=/etc/dnsmasq.conf
119 119
   notify: restart dnsmasq
120 120
 
121
+- name: Copy OpenVPN PAM configuration file into place
122
+  copy: src=etc_pam.d_openvpn dest=/etc/pam.d/openvpn
123
+  notify: restart openvpn
124
+
121 125
 - name: Copy the ca.crt and ta.key files that clients will need in order to connect to the OpenVPN server
122 126
   command: cp {{ openvpn_path }}/{{ item[1] }} {{ openvpn_path }}/{{ item[0] }}
123 127
   with_nested:
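
Review bot: the new copy task at line 122 sets no owner, group or mode on /etc/pam.d/openvpn, so the permissions of an authentication policy file are left to defaults. Suggest `copy: src=etc_pam.d_openvpn dest=/etc/pam.d/openvpn owner=root group=root mode=0644`. Nothing in this hunk installs the package that provides pam_google_authenticator.so; if no earlier task in the role does, every login will fail once the server plugin line is uncommented, so please confirm or add the install step before this task.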

+ 4
- 0
roles/vpn/templates/client.cnf.j2

@@ -14,5 +14,9 @@ cert client.crt
14 14
 key client.key
15 15
 ns-cert-type server
16 16
 tls-auth ta.key 1
17
+
18
+# If you'd like to enable 2FA support, uncomment the following line
19
+;auth-user-pass
20
+
17 21
 comp-lzo
18 22
 verb 3
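
Review bot: `;auth-user-pass` at line 19 is a hand-edited toggle inside a template, and it has to be flipped in step with the `;plugin` line in the server template. If the server side is enabled while a client config still has this line commented out, that client sends no credentials and its connection is rejected. Suggest one role variable (for example a boolean named `openvpn_use_pam`, a hypothetical name) driving a Jinja conditional in both templates, so regenerated client configs always match the server.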

+ 3
- 0
roles/vpn/templates/etc_openvpn_server.conf.j2

@@ -31,6 +31,9 @@
31 31
 # open up this port on your firewall.
32 32
 port {{ openvpn_port }}
33 33
 
34
+# Uncomment the following line if you wish to enable PAM support for 2FA
35
+;plugin /usr/lib/openvpn/openvpn-auth-pam.so openvpn
36
+
34 37
 # TCP or UDP server?
35 38
 ;proto tcp
36 39
 proto {{ openvpn_protocol }}
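
Review bot: the plugin path `/usr/lib/openvpn/openvpn-auth-pam.so` at line 35 is hard-coded, and the location of openvpn-auth-pam.so differs between distributions and package versions. Suggest moving it to a role variable alongside `openvpn_port` and `openvpn_protocol`. The comment on line 34 should also state that clients need `auth-user-pass` enabled and that each VPN user needs a Google Authenticator secret enrolled on the server before this line is turned on, since the PAM file uses `required` with no fallback for unenrolled users.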
