3fs/go-authy-openvpn

Go Authy OpenVPN

With the Go Authy OpenVPN plugin you can add two-factor authentication to your VPN server in just minutes. It is a replacement for the official Authy OpenVPN plugin, which is no longer updated and lacks Authy OneTouch support.

Pre-Requisites

  1. Authy API key
  2. OpenVPN server installation

Installation

From compiled package

  1. Download the latest release from GitHub
  2. Extract the tar archive in the desired location on your server
  3. Run the post-install script

From source

  1. Install requirements: Golang, build essentials
  2. Run sudo make install

Check OpenVPN config

Open your OpenVPN configuration file in your preferred editor. If you allowed the post-install script from the previous step to edit your server.conf, you should now have something like this at the end of it:

plugin <go-authy-path>/auth_script.so <go-authy-path>/go-authy-openvpn -a <authy_api_key>

If you don't have something like this in your configuration, you should add it manually.

Configuration flags

In your OpenVPN configuration you can add flags after go-authy-openvpn to configure it. These are the currently supported flags:

  • -a (required) Authy API key
  • -c (optional) Authy config file (default is /etc/openvpn/authy/authy-vpn.conf)
  • -g (optional) GeoLite2 city or country database path, if you want to have the location displayed in the OneTouch request
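
A configuration check for the plugin line and flags described above, added here as an example and not part of go-authy-openvpn: it confirms the line is present and carries -a, resolves the -c path (or its documented default), and reports files that are world-readable. The function names and the rule that these files should not be world-readable are assumptions of this example.

```sh
#!/bin/sh
# Added example, not part of go-authy-openvpn.
# Usage after sourcing: audit_authy_conf /etc/openvpn/server.conf

DEFAULT_AUTHY_CONF=/etc/openvpn/authy/authy-vpn.conf   # default for -c per the README

# Print the flags that follow go-authy-openvpn on an active "plugin" line.
# Exit status is non-zero when no such line exists (commented lines are skipped).
authy_plugin_args() {
    awk '$1 == "plugin" && !found {
        for (i = 2; i <= NF; i++)
            if ($i ~ /(^|\/)go-authy-openvpn$/) {
                found = 1
                for (j = i + 1; j <= NF; j++) printf "%s ", $j
                print ""
                break
            }
    }
    END { exit !found }' "$1"
}

# Print the value of flag $1 (e.g. -a) found in the flag string $2.
# Fails when the flag is absent or is followed by another flag or nothing.
flag_value() {
    want=$1
    set -f; set -- $2; set +f          # split into words without globbing
    while [ $# -gt 0 ]; do
        if [ "$1" = "$want" ]; then
            case ${2-} in -*|'') return 1 ;; *) printf '%s\n' "$2"; return 0 ;; esac
        fi
        shift
    done
    return 1
}

# True when the "others" read bit is set on the file.
world_readable() { [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]; }

# Print one finding per line; return 0 only when there are none.
audit_authy_conf() {
    conf=$1; rc=0
    args=$(authy_plugin_args "$conf") || { echo "no go-authy-openvpn plugin line in $conf"; return 1; }
    flag_value -a "$args" >/dev/null || { echo "plugin line lacks required -a <authy_api_key>"; rc=1; }
    users=$(flag_value -c "$args") || users=$DEFAULT_AUTHY_CONF
    # Assumed policy: the file holding the API key and the user file are not world-readable.
    for f in "$conf" "$users"; do
        if [ ! -e "$f" ]; then echo "missing: $f"; rc=1
        elif world_readable "$f"; then echo "world-readable: $f"; rc=1; fi
    done
    return $rc
}
```

The check reads mode bits only, so it gives the same result whether or not it is run as root.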

Migrating from official plugin

If you are already using the official Authy OpenVPN plugin, you can install this plugin with the steps above and then remove the old plugin from your OpenVPN server config. This plugin uses the same format of authy-vpn.conf, so all your registered users will stay there.

Adding users

This plugin comes with a script that helps you register users. To start adding users, type: sudo authy-vpn-add-user

If the script was successful, it will add the username and Authy ID to /etc/openvpn/authy/authy-vpn.conf.

How it works

This plugin works with certificate-based authentication. To log in, the user needs a certificate, username and password.

The password can be 4 different things:

OneTouch

If the provided password is onetouch, the user will receive a OneTouch push notification in the Authy app, where they can approve the login.

Token

The password can be a TOTP token from the Authy app or a token the user received through SMS or call.

SMS or call

If the password is sms or call, the plugin will make a request for that to Authy and will fail the login. The user will then receive the token through SMS or call and use that token on the next login.

VPN client configuration

Your users will need to add

auth-user-pass

to their client.conf.