EFW Support
Anyone get Two-Factor working in 2.3?
fackler (Jr. Member, Posts: 6), on: Friday 19 February 2010, 01:56:19 am
I am trying to get two-factor authentication going on a 2.3 install. We currently have two-factor auth working on a release 2 (c) EFW. Now I am trying to set up a new machine with EFW release 2.3-0 (Deployset #0) and get the two factor auth working there. I can VPN to the new 2.3 EFW with PSK but not the X.509 or X.509 & PSK options. I have used the same files that are currently working on the 2(c) EFW, transferring them to the new EFW by running:
/usr/bin/openssl pkcs12 -export -inkey hostkey.pem -in hostcert.pem -certfile cacert.pem -out pkcs12.p12 -nodes
And then copying pkcs12.p12, cacert.pem and dh1024.pem to the new EFW /var/efw/openvpn
But this hasn't worked. I have even created a whole new CA, server cert/key and client certs/keys packaged into pkcs12 and imported to the new EFW, but that hasn't worked.
So the question is: has ANYONE actually gotten two factor authentication working on 2.3?
http://docs.endian.com/vpn.html#advanced leaves out a few details.
mnicolazzo (Jr. Member, Posts: 8), Reply #1 on: Friday 19 February 2010, 04:02:47 am
Yes, it worked for me.
I created my CA and certificates, installed dh1024.pem and certificates on the server,
BUT I also needed to modify the /etc/openvpn/openvpn.conf.tmpl template file.
I commented out the following line:
ns-cert-type client
by adding a '#' at the beginning of the line.
I think that the self-generated certificate for the client does not have the 'client' flag set and thus is refused by the server with the default configuration.
After modifying the template file, save your current configuration from the web GUI, to propagate the change made in the template to the live openvpn.conf file, and try to connect again.
fackler (Jr. Member, Posts: 6), Reply #2 on: Friday 19 February 2010, 04:51:05 am
mnicolazzo you rock. That worked. So I guess the root of the problem is that I was trying to use client certs that didn't have the client flag set.
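Added example, not part of the original posts: with `ns-cert-type client` commented out, the server no longer requires the client designation on certificates signed by its CA, so an alternative is to issue client certificates that carry the flag and leave the check enabled. The shell functions below test a certificate for the Netscape Cert Type "SSL Client" value and issue a throwaway certificate that has it. Function names, file names, subject names and the sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example; directory layout, subject names and sample dumps are constructed.

# Succeeds only if the "openssl x509 -noout -text" dump on stdin contains a
# Netscape Cert Type extension whose value lists "SSL Client". Only the line
# right after the extension header is inspected, so the same words appearing
# in another field (for example a Netscape Comment) do not count.
dump_has_client_flag() {
    awk '
        /Netscape Cert Type:/ { in_ext = 1; next }   # value is on the next line
        in_ext { if ($0 ~ /SSL Client/) found = 1; in_ext = 0 }
        END { exit(found ? 0 : 1) }
    '
}

# Same check for a PEM certificate file (requires the openssl CLI).
cert_has_client_flag() {
    openssl x509 -in "$1" -noout -text | dump_has_client_flag
}

# Create a throwaway CA and one client certificate in directory $1, with
# nsCertType=client supplied through an extension file at signing time.
issue_flagged_client_cert() {
    dir=$1
    printf 'nsCertType = client\n' > "$dir/client.ext"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=Example CA' \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj '/CN=example-client' \
        -keyout "$dir/client.key" -out "$dir/client.csr" 2>/dev/null &&
    openssl x509 -req -in "$dir/client.csr" -CA "$dir/ca.pem" \
        -CAkey "$dir/ca.key" -CAcreateserial -days 1 \
        -extfile "$dir/client.ext" -out "$dir/client.pem" 2>/dev/null
}

# Constructed excerpts of certificate dumps, used to exercise the parser.
SAMPLE_CLIENT='            Netscape Cert Type:
                SSL Client, S/MIME'
SAMPLE_SERVER='            Netscape Cert Type:
                SSL Server'
SAMPLE_NONE='            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                Issued for SSL Client use'
```

Running `cert_has_client_flag client.pem` against an existing client certificate shows whether it would pass the server's default check before the template is touched.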