FIDO2 Doesn't show FIDO2-Screen
Posted: Thu Jan 21, 2021 1:41 pm
Using viscosity client: 1.9.1b3
Ubuntu 20.0.4
OpenVPN server: OpenVPN 2.4.9 x86_64-pc-linux-gnu built on Apr 20 2020
openvpn-fido2-plugin
from: ppa:sparklabs/ppa
First got the OpenVPN running with regular pam:
plugin /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so login
That worked fine with client1
Following the steps from the manual:
https://www.sparklabs.com/support/kb/ar ... viscosity/
server.conf
log debug.log
proto udp
ifconfig-pool-persist ipp.txt
keepalive 10 120
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 5
mute 10
ca ca.crt
cert server.crt
key server.key
dh dh.pem
port 1194
dev tun0
server 10.8.0.0 255.255.255.0
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 1.0.0.1"
push "redirect-gateway def1"
#FIDO2 and PAM plugin
plugin /usr/share/openvpn/pam-fido2/auth-pam-fido2.so login
# I did set my own hostname below instead of myvpn.mydomain.com
setenv fido2_origin myvpn.mydomain.com
setenv fido2_name "Intranet VPN Server"
#Uncomment the below if you wish to change the path for the script
# setenv fido2_script_path /usr/share/openvpn/pam-fido2/auth-fido2.py
#Auth-gen-token for renegotiation without needing to use token
auth-gen-token
When connecting, there is no U2F popup but actually a username/password popup.
I'm using the credentials again of client1
then after filling in the username/password I get a new popup which looks like the picture attached.
OpenVPN log file shows at one point:
AUTH-PAM: BACKGROUND: received command code: 0
AUTH-PAM: BACKGROUND: USER: client1
AUTH-PAM: BACKGROUND: SCRIPT_PATH: /usr/share/openvpn/pam-fido2/auth-fido2.py
AUTH-PAM: BACKGROUND: my_conv[0] query='Password: ' style=1
AUTH-PAM: BACKGROUND: user 'client1' failed to authenticate: Authentication failure
Any hints? Or is it just too bleeding edge right now and I need to be patient for the next beta?
Many thanks in advance,
Wessel