go-authy-openvpn

module

v0.0.0-...-11b0f43 Latest Latest Go to latest Published: Mar 12, 2018 License: MIT

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

README ¶

Go Authy OpenVPN

With Go Authy OpenVPN plugin you can add two-factor authentication to your VPN server in just minutes. It is a replacement for official Authy OpenVPN plugin which isn't updated anymore and is lacking Authy OneTouch support.

Pre-Requisites

Authy API key
OpenVPN server installation

Installation

From compiled package

Download latest release from GitHub
Extract tar archive in desired location on your server
Run post-install script

From source

Install requirements: Golang, build essentials
Run sudo make install

Check OpenVPN config

Open your OpenVPN configuration file in your prefered editor. If you allowed post-instal script from previous step to edit your server.conf you should now have something like this at the end of it:

plugin <go-authy-path>/auth_script.so <go-authy-path>/go-authy-openvpn -a <authy_api_key>

If you don't have something like tihs in your configuration, you should add it manually.

Configuration flags

In your OpenVPN you can add flags after go-authy-openvpn to configure it. This are curretly supported flags:

-a (required) Authy API key
-c (optional) Authy config file (default is /etc/openvpn/authy/authy-vpn.conf)
-g (optional) GeoLite2 city or country database path, if you want to have location displayed in OneTouch request

Migrating from official plugin

If you are already using official Authy OpenVPN plugin you can install this plugin with the steps above and then remove the old plugin from your OpenVPN server config. This plugin uses the same format of authy-vpn.conf so all your registered users will stay there.

Adding users

This plugin comes with a script, that helps you register users. To start adding users type: sudo authy-vpn-add-user

If the script was successful it will add username and Authy ID to /etc/openvpn/authy/authy-vpn.conf.

How it works

This plugin works with certificates based authentication. To login the user need certificate, username and password.

Password can be 4 different things:

OneTouch

If the provided password is onetouch the user will receive OneTouch push notification to Authy app where they can approve the login.

Token

Password can be TOTP token from Authy app or token the user received through SMS or call.

SMS or call

If the password is sms or call the plugin will make a request for that to Authy and will fail the login. Then the user will receive the token through SMS or call and will then use that token on next login.

VPN client configuration

Your users will need to add

auth-user-pass

to their client.conf.

Directories ¶

Path	Synopsis
src

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL