-
Notifications
You must be signed in to change notification settings - Fork 22
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #21 from axorna/T170152-Update-README
Updated README
- Loading branch information
Showing
1 changed file
with
45 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -7,14 +7,56 @@ | |
|
|
||
| **duo_openvpn_as** - Duo two-factor authentication for OpenVPN Access Server | ||
|
|
||
| # Installing | ||
|
|
||
| Download the [latest Duo OpenVPN Access Server release](https://github.com/duosecurity/duo_openvpn_as/archive/refs/heads/master.zip) as a zip file from GitHub and unzip the package on your own OpenVPN Access Server. | ||
|
|
||
| # Usage | ||
|
|
||
| OpenVPN AS integration instructions: <http://www.duosecurity.com/docs/openvpn_as> | ||
| ## Configuring & Enabling the Post-Auth Script | ||
| Make sure you have your OpenVPN Access Server's integration key (IKEY), secret key (SKEY), and API hostname. You can find these in your Duo Admin Panel under the Applications tab. | ||
|
|
||
| Open the duo_openvpn_as.py script in a text editor and fill in your IKEY, SKEY, and API hostname in the following area: | ||
| ``` | ||
| # ------------------------------------------------------------------ | ||
| # Fill in your integration credentials on the following three lines: | ||
| IKEY = 'INTEGRATION_KEY' | ||
| SKEY = 'SECRET_KEY' | ||
| HOST = 'API_HOSTNAME' | ||
| # ------------------------------------------------------------------ | ||
| ``` | ||
|
|
||
| Then, move the duo_openvon_as.py script to the OpenVPN AS scripts folder. This typically can be found in /usr/local/openvpn_as/scripts/. Make sure it is executable. | ||
|
|
||
| ``` | ||
| $ mv duo_openvpn_as.py /usr/local/openvpn_as/scripts/ | ||
| $ chmod a+x /usr/local/openvpn_as/scripts/duo_openvpn_as.py | ||
| ``` | ||
| Then, set duo_openvpn_as.py as your post-auth script:\ | ||
| ``` | ||
| $ /usr/local/openvpn_as/scripts/sacli -a admin_username -i -k auth.module.post_auth_script --value_file=/usr/local/openvpn_as/scripts/duo_openvpn_as.py ConfigPut | ||
| ``` | ||
| where admin_username is the username of an administrator on your OpenVPN Access Server. You'll be prompted to enter the administrator's password. | ||
|
|
||
| Finally, restart the service to commit your changes: | ||
| ``` | ||
| $ /usr/local/openvpn_as/scripts/sacli -a admin_username -i Reset | ||
| ``` | ||
|
|
||
| # Testing | ||
| Try to log in as a regular VPN user through the OpenVPN Access Server web interface. If you're using an account that has not been enrolled for Duo authentication, your login attempt will be denied with a self-enrollment URL. Visit the URL, enroll, then try again. | ||
|
|
||
| Note: You will only receive a self-enrollment URL if you log in to your OpenVPN Access Server instance with a web browser! | ||
|
|
||
| When you log in as a Duo-enrolled user, you'll see a secondary prompt with instructions to enter a Duo passcode or alternate factor. | ||
|
|
||
| You can choose from doing a push, phone, or sms factor. Additionally, you can specify a number after the factor name to identify which enrolled device you are using. | ||
|
|
||
| # Support | ||
|
|
||
| Report any bugs, feature requests, etc. to us directly: | ||
| [email protected] | ||
| The full documentation for OpenVPN Access Server can be found at https://duo.com/docs/openvpn-as. | ||
|
|
||
| Report any bugs, feature requests, etc. to us directly at [email protected] | ||
|
|
||
| Have fun! | ||
|
|
||
|
|
||