
yubikey

Posted: Wed Aug 08, 2018 10:04 am
by jeffgbrock
I tried following the instructions on https://www.sparklabs.com/support/kb/ar ... viscosity/

I also tried using the U2F method (https://www.sparklabs.com/support/kb/ar ... viscosity/)

With the one time password method, it just never connects

The patched version of OpenVPN in method 2 would not install

I am using an OpenVPN 2.4 server installed on Ubuntu. Been my experience that when something won't make, you can chase failed dependencies until you are cross-eyed and never get it to work, so I am trying to get the simpler OTP method. I don't, however, know where to look for the problem. I tried it several times, and I know I didn't miss anything.

Re: yubikey

Posted: Wed Aug 08, 2018 1:09 pm
by James
Hi jeffgbrock,

I recommend checking the OpenVPN log to see why you're unable to connect:
https://www.sparklabs.com/support/kb/ar ... envpn-log/

Please note that we can only offer support for the Viscosity side of things - we simply don't have the available capacity to support server setups. However, generally the log should indicate what is going on.

Cheers,
James

Re: yubikey

Posted: Thu Aug 09, 2018 1:19 am
by jeffgbrock
Best I can tell, the problem lies in the script openvpn_otp_auth.py

I can connect fine with the certificate/key method.
If I add the lines
auth-user-pass-verify opevnpn_otp_auth.py via-env
script-security 3
and comment out user nobody/group/nogroup
to my server.conf file

then the log shows the connection attempt hanging until you get a 'TLS key negotiation failed to occur within 60 seconds...' error

The script has been made executable, it has been amended with the clientID/secret key from yubico
PAM and yubico-client are installed.

Re: yubikey

Posted: Tue Aug 14, 2018 11:54 pm
by James
It's possible there could be a problem with the Python install on the machine. Try running the command "/usr/bin/python /path/to/openvpn_otp_auth.py" and see if it's able to run (it'll of course fail as it's not being run by OpenVPN itself, but if you see any exceptions for missing dependencies etc. that is likely the problem).

Otherwise, I recommend setting up a clean install of Ubuntu inside a virtual machine, and setting it up under that. Assuming that it works, you should be able to work backwards to see where things are going wrong on your actual Ubuntu install.

Cheers,
James
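
The manual test suggested above can be taken one step further by running the verify script the way OpenVPN's via-env method does, with the credentials in the environment and a time limit so a hang is visible. This is an added example, not part of the thread or of SparkLabs' guide; the function name, the return codes and the 10 second default are assumptions.

```shell
#!/bin/sh
# Added example: run an auth-user-pass-verify script as "via-env" would.
# Return codes of check_auth_script (chosen for this example):
#   0  script exited 0 (OpenVPN would accept the login)
#   1  script exited non-zero (rejected, or crashed: read its output)
#   2  script missing or not executable
#   3  script did not finish in time (the server would sit waiting on it)

check_auth_script() {
    script=$1       # path to the verify script, as written in server.conf
    user=$2         # test username
    pass=$3         # test password / OTP (use a throwaway value)
    limit=${4:-10}  # seconds to wait before calling it a hang

    if [ ! -x "$script" ]; then
        echo "not executable or not found: $script" >&2
        return 2
    fi

    # via-env: OpenVPN exports "username" and "password" to the script.
    # env -i starts from an empty environment, closer to what a daemon
    # has, so a dependency that only resolves in a login shell shows up.
    env -i PATH=/usr/sbin:/usr/bin:/sbin:/bin \
        username="$user" password="$pass" \
        timeout "$limit" "$script"
    rc=$?

    case $rc in
        0)   echo "exit 0: accepted"; return 0 ;;
        124) echo "timed out after ${limit}s" >&2; return 3 ;;
        *)   echo "exit $rc: rejected or crashed" >&2; return 1 ;;
    esac
}
```

Call it with the same path that server.conf passes to auth-user-pass-verify; a return of 3 means the script itself is blocking, while a Python traceback before a return of 1 points at a missing dependency.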