
Feature Request: ocserv: 2FA (password+OTP) support in Openconnect
Closed, Resolved | Public | FEATURE REQUEST

Description

ocserv allows for multiple authentication factors per session.
There is an option available for one-time passwords.

Given that VyOS uses local accounts for ocserv, OTP keys will be generated for these accounts

Suggested commands to get started:

vyos@vyos# set vpn openconnect authentication mode
Possible completions:
   local        Use local username/password configuration
   radius       Use RADIUS server for user autentication

vyos@vyos# set vpn openconnect authentication mode local 
   password       Default. Password-only local authentication
   otp            OTP-only local authentication
   password-otp   Password (first) + OTP local authentication

vyos@vyos:~# set vpn openconnect authentication local-users username user2 otp 
Possible completions:
   key          Token Key Secret key for the token algorithm (see RFC 4226)
   otp-length   Optional. Number of digits in OTP. Default 6

Further functionality can be developed to use different types of OTP

Details

Difficulty level: Unknown (require assessment)
Version: -
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Perfectly compatible
Issue type: Feature (new functionality)

Event Timeline

Unknown Object (User) created this task. Feb 7 2022, 5:14 AM
Unknown Object (User) created this object in space S1 VyOS Public.
Viacheslav assigned this task to Unknown Object (User). Feb 7 2022, 10:11 AM
Viacheslav changed the subtype of this task from "Task" to "Feature Request".
Unknown Object (User) updated the task description. Feb 8 2022, 1:34 AM
Unknown Object (User) updated the task description. Mar 8 2022, 10:18 AM
Unknown Object (User) added a comment. Mar 8 2022, 10:33 AM

Next, we need to create an OTP key generator in the VyOS CLI

Unknown Object (User) closed this task as Resolved. Apr 20 2022, 1:58 AM

Tested in VyOS 1.4-rolling-202204130521
Works
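
An added example, not part of the original task and not VyOS or ocserv code: a sketch of what the proposed `key` and `otp-length` options imply under RFC 4226 (HOTP), including key generation and a verifier that compares in constant time and advances the counter so a code cannot be replayed. The function names, the hex key encoding and the look-ahead window of 2 are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import struct

# RFC 4226 Appendix D test secret ("12345678901234567890"), hex-encoded.
# Public test vector used as sample input; never use it as a real key.
RFC4226_TEST_KEY = "3132333435363738393031323334353637383930"


def generate_key(num_bytes: int = 20) -> str:
    """Return a random hex secret; RFC 4226 recommends 160 bits (20 bytes)."""
    return secrets.token_hex(num_bytes)


def hotp(key_hex: str, counter: int, otp_length: int = 6) -> str:
    """Compute the RFC 4226 HOTP value for a hex key and moving counter."""
    if not 6 <= otp_length <= 8:
        raise ValueError("otp_length must be 6, 7 or 8")
    msg = struct.pack(">Q", counter)                      # 8-byte big-endian counter
    digest = hmac.new(bytes.fromhex(key_hex), msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                            # dynamic truncation offset
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** otp_length).zfill(otp_length)


def verify(key_hex: str, candidate: str, counter: int,
           otp_length: int = 6, look_ahead: int = 2):
    """Return the next counter to store on success, or None on failure.

    The small look-ahead window tolerates a token that has moved ahead of
    the server; storing the returned counter prevents reuse of a code.
    """
    if len(candidate) != otp_length or not (candidate.isascii() and candidate.isdigit()):
        return None
    for c in range(counter, counter + look_ahead + 1):
        if hmac.compare_digest(hotp(key_hex, c, otp_length), candidate):
            return c + 1
    return None


if __name__ == "__main__":
    print("new key:", generate_key())
    print("RFC 4226 counter 0:", hotp(RFC4226_TEST_KEY, 0))
```

The generated key is a credential equivalent to the password and needs the same protection in the configuration and in backups.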