This is a step by step instructions to configure your OpenVPN server with AuthX. The second factor authentication to connect to the private network with the OpenVPN client.
- Sign up for you AuthX account here //Hyper link to sign up manual
- Navigate to the applications tab
- Click on protect a application and select the type of application as OpenVPN
- Getting Started to Applications
- Copy the application credentials (Application ID, Application Key, application URL)
- Download the AuthX OpenVPN package from here
- Python 2.7 or later should be installed on the server
PIP2 – installing the python packages for request and simplejson. request package is used to send HTTP/HTTPS requests and simplejson is used to send the REST API requests to AuthX Web service.
- Download the packages from https://bootstrap.pypa.io/get-pip.py
- To install it navigate to the location where it is download to
$ python ./get-pip.py
3. install the requests and simplejson packages using pip command
$ pip install requests
$ pip install simplejs
4. request package can be found in /usr/lib/python2.7/site-packages
5. simplejson package can be found /usr/lib64/python2.7/site-packages
If the packages are installed at a different path determine the locations where they have been installed since we have to specify these locations either through PYTHONPATH environment variable or add these locations to the script itself
Extract and Copy
- Extract the package that has been downloaded from the AuthX repository.
- The extracted folder should have three files certify_constants.py, certify_post_auth_script.py, certify_web_api.py
- Copy the certify_post_auth_script.py to /usr/local/openvpn_as/scripts/ directory.
- To add the path of the certify_constants.py and certify_web_api.py to certify_post_auth_script.py use the command below
$ sys.path.insert(1, ‘/home/<username>/<Path to the extracted folders>)
- Update the certify_constants.py file with the application parameters that you have received from the portal
DEFAULT_CERTIFY_AUTH_SERVER_URL = ” Application URL ”
DEFAULT_CERTIFY_HOST = “Hostname”
DEFAULT_APPLICATION_KEY = ” Application ID ”
DEFAULT_SECRET_KEY =” Application Key ”
DOMAIN_SUFFIX = “<Domain where the VPN server is configured”
2. Use the commands below to configure the scripts
$ sudo /usr/local/openvpn_as/scripts/sacli -a <username> -k auth.module.post_auth_script --value_file=/usr/local/openvpn_as/scripts/certify_post_auth_script.py ConfigPut
3. After the server is restarted, AuthX can be used as second factor authentication.
$ sudo /usr/local/openvpn_as/scripts/sacli -a <username> Reset
To remove the google authentication from OpenVPN server
$ sudo /usr/local/openvpn_as/scripts/sacli --user <USER_OR_GROUP> --key "prop_google_auth" --value "false" UserPropPut
Verify Your configuration
- Navigate to your OpenVPN home page/Client after the primary authentication of username and password you should be prompted to enter AuthX Code or push for authentication.
- You can authenticate using multiple factors
|Push||Send a push request to the phone to accept or deny|
|AuthX Code||Enter the TOTP generated on the AuthX application|
|SMS||Enter the AuthX code received as text on your phone|
|Call||Enter the AuthX code that has been said on the received call|
|Face||Authenticate with your face on your phone|
|Palm||Authenticate with your palm on your phone|
High Level Flow Diagram