Hi,
On Mon, May 18, 2020 at 04:15:55PM +0200, Arne Schwabe wrote:
> Implement a small e.g. python based management interface might also be
> possible but it would be an example that does a lot more than just that
> because you need a bit more to have something working with the management
> interface
OpenVPN 3 implements these messages to send information during the
authentication to the UI, implement these messages also in OpenVPN 2.x
Signed-off-by: Arne Schwabe
---
src/openvpn/forward.c | 8
src/openvpn/push.c | 32
src/openvpn/push.h | 3
This implements sending AUTH_PENDING and INFO_PRE messages to clients
that indicate that the clients should continue authentication with
a second factor. This can currently be out of band (openurl) or a normal
challenge/response two like TOTP (CR_TEXT).
Unfortunately this patch spend so much
When signalling the client that it should do Challenge response
without reconnecting (IV_SSO=crtext/INFOPRE=CR_TEXT), the server
needs to forward the response via the management console.
Signed-off-by: Arne Schwabe
---
doc/management-notes.txt | 30 +-
This patchset implements the basic blocks for a more flexible
authentication protocol in OpenVPN. The basic idea is to instead of
giving an immediate deny/accept the client gets an additional challenge via
the info message to a 2FA method or external authentication with URL (e.g.
via SAML).
The
Signed-off-by: Arne Schwabe
---
src/openvpn/ssl.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index c2e9a4f3..f85ef3eb 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -2333,7 +2333,9 @@ push_peer_info(struct buffer *buf,
When a client announces its support to support text based
challenge/response via IV_SSO=crtext, the client needs to also
be able to reply to that response.
This adds the "cr-response" management function to be able to
do this. The answer should be base64 encoded.
Signed-off-by: Arne Schwabe
---
Your patch has been applied to the master branch.
(I would have ACKed this, but David was faster... "#ifdef ANDROID, if
not excessive, is mostly Arne's decision anyway")
commit cc76e177606ba336bbcb63ebc5e4d85b4116057f
Author: Arne Schwabe
Date: Mon May 18 17:54:27 2020 +0200
Refuse
On 18/05/2020 17:54, Arne Schwabe wrote:
> After the commit 042429d3 "build: Remove --disable-server from ./configure"
> Android needs another way to ensure that OpenVPN is not run in server mode.
>
> Signed-off-by: Arne Schwabe
> ---
> src/openvpn/options.c | 3 +++
> 1 file changed, 3