Skip to content
FIDO2 Doesn't show FIDO2-Screen
Got a problem with Viscosity or need help? Ask here!
Using viscosity client: 1.9.1b3
Ubuntu 20.0.4
OpenVPN server: OpenVPN 2.4.9 x86_64-pc-linux-gnu built on Apr 20 2020
openvpn-fido2-plugin
from: ppa:sparklabs/ppa
First got the OpenVPN running with regular pam:
Following the steps from the manual:
https://www.sparklabs.com/support/kb/ar ... viscosity/
server.conf
I'm using the credentials again of client1
then after filling in the username/password I get a new popup which looks like the picture attached.
OpenVPN log file shows at one point:
Any hints? or is it just to bleeding edge right now and I need to be patient for the next beta
Many thanks in advance,
Wessel
Ubuntu 20.0.4
OpenVPN server: OpenVPN 2.4.9 x86_64-pc-linux-gnu built on Apr 20 2020
openvpn-fido2-plugin
from: ppa:sparklabs/ppa
First got the OpenVPN running with regular pam:
plugin /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so loginThat worked fine with client1
Following the steps from the manual:
https://www.sparklabs.com/support/kb/ar ... viscosity/
server.conf
log debug.logWhen connecting, there is no U2F popup but actually a username/password popup.
proto udp
ifconfig-pool-persist ipp.txt
keepalive 10 120
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 5
mute 10
ca ca.crt
cert server.crt
key server.key
dh dh.pem
port 1194
dev tun0
server 10.8.0.0 255.255.255.0
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 1.0.0.1"
push "redirect-gateway def1"
#FIDO2 and PAM plugin
plugin /usr/share/openvpn/pam-fido2/auth-pam-fido2.so login
# I did set my own hostname below instead of myvpn.mydomain.com
setenv fido2_origin myvpn.mydomain.com
setenv fido2_name "Intranet VPN Server"
#Uncomment the below if you wish to change the path for the script
# setenv fido2_script_path /usr/share/openvpn/pam-fido2/auth-fido2.py
#Auth-gen-token for renegotiation without needing to use token
auth-gen-token
I'm using the credentials again of client1
then after filling in the username/password I get a new popup which looks like the picture attached.
OpenVPN log file shows at one point:
AUTH-PAM: BACKGROUND: received command code: 0
AUTH-PAM: BACKGROUND: USER: client1
AUTH-PAM: BACKGROUND: SCRIPT_PATH: /usr/share/openvpn/pam-fido2/auth-fido2.py
AUTH-PAM: BACKGROUND: my_conv[0] query='Password: ' style=1
AUTH-PAM: BACKGROUND: user 'client1' failed to authenticate: Authentication failure
Any hints? or is it just to bleeding edge right now and I need to be patient for the next beta
Many thanks in advance,
Wessel
Attachments
FIDO2.jpg (22.58 KiB) Viewed 8348 times
Hi Wessel,
This feature is not in Viscosity yet, the following notice is at the top of the linked article:
Regards,
Eric
This feature is not in Viscosity yet, the following notice is at the top of the linked article:
Code: Select all
This feature is currently not in the 1.9.1 betas. We did have an early iteration of the feature in the 1.9 Betas, however we had to pull the feature out due to needing to focus on other issues that presented themselves at the time like Apple Silicon's release. We're hoping to revisit FIDO2 in 1.9.2 however it could be delayed again, please keep an eye on Beta releases if you're interested in trying FIDO2 in the future, FIDO2 support will be clearly displayed in the release notes when it's available - https://sparklabs.com/support/kb/articl ... -versions/NOTICE: This is currently a beta feature and is not available in release yet. Please check our beta versions for upcoming support, expected to release in version 1.9.2.
Regards,
Eric
Eric Thorpe
Viscosity Developer
Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs
Viscosity Developer
Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs
Hi Wessel,
We'll be adding FIDO2 support when we add OpenVPN 2.5, I'm afraid we don't have a hard timeline for that at the moment though.
Regards,
Eric
We'll be adding FIDO2 support when we add OpenVPN 2.5, I'm afraid we don't have a hard timeline for that at the moment though.
Regards,
Eric
Eric Thorpe
Viscosity Developer
Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs
Viscosity Developer
Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs
6 posts
Page 1 of 1