SparkLabs Forum.

Community Help.


yubikey

I tried following the instructions on https://www.sparklabs.com/support/kb/ar ... viscosity/

I also tried using the U2F method (https://www.sparklabs.com/support/kb/ar ... viscosity/)

With the one time password method, it just never connects

The patched version of OpenVPN in method 2 would not install

I am using an OpenVPN 2.4 server installed on Ubuntu. Been my experience that when something won't make, you can chase failed dependencies until you are cross-eyed and never get it to work, so I am trying to get the simpler OTP method. I don't, however, know where to look for the problem. I tried it several times, and I know I didn't miss anything
Hi jeffgbrock,

I recommend checking the OpenVPN log to see why you're unable to connect:
https://www.sparklabs.com/support/kb/ar ... envpn-log/

Please note that we can only offer support for the Viscosity side of things - we simply don't have the available capacity to support server setups. However generally the log should indicate what is going on.

Cheers,
James
Best I can tell, the problem lies in the script openvpn_otp_auth.py

I can connect fine with the certificate/key method.
If I add the lines
auth-user-pass-verify opevnpn_otp_auth.py via-env
script-security 3
and comment out user nobody/group/nogroup
to my server.conf file

then the log shows the connection attempt hanging until you get a 'TLS key negotiation failed to occur within 60 seconds...' error

The script has been made executable, it has been amended with the clientID/secret key from yubico
PAM and yubico-client are installed.
It's possible there could be a problem with the Python install on the machine. Try running the command "/usr/bin/python /path/to/openvpn_otp_auth.py" and see it it's able to run (it'll of course fail as it's not being run by OpenVPN itself, but if you see any exceptions for missing dependancies etc. that is likely the problem).

Otherwise, I recommend setting up a clean install of Ubuntu inside a virtual machine, and setting it up under that. Assuming that it works, you should be able to work backwards to see where things are going wrong on your actual Ubuntu install.

Cheers,
James
4 posts Page 1 of 1

Copyright © 2016 SparkLabs Pty Ltd. All Rights Reserved. Privacy Policy