GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → fac → auth-script-openvpn

fac / auth-script-openvpn

Licence: Apache-2.0 License
OpenVPN plugin to auth connections using non-blocking external script

Programming Languages

c
50402 projects - #5 most used programming language
Makefile
30231 projects

Labels

openvpnopenvpn-serveropenvpn-plugin

Projects that are alternatives of or similar to auth-script-openvpn

Openvpn Install
Set up your own OpenVPN server on Debian, Ubuntu, Fedora, CentOS or Arch Linux.
Stars: ✭ 7,142 (+10402.94%)
Mutual labels:  openvpn, openvpn-server
openvpn-status-parser
Parser for openvpn status file
Stars: ✭ 18 (-73.53%)
Mutual labels:  openvpn, openvpn-server
Docker Openvpn
🔒 OpenVPN server in a Docker container complete with an EasyRSA PKI CA
Stars: ✭ 7,121 (+10372.06%)
Mutual labels:  openvpn, openvpn-server
terraform-aws-pritunl-vpn-server
Pritunl VPN Server for your public/private like VPC on AWS
Stars: ✭ 40 (-41.18%)
Mutual labels:  openvpn, openvpn-server
nordvpn
NordVpn Docker Client
Stars: ✭ 475 (+598.53%)
Mutual labels:  openvpn
killswitch-windows
VPN kill switch for windows.
Stars: ✭ 22 (-67.65%)
Mutual labels:  openvpn
docker-openvpn-client-socks
Expose an OpenVPN tunnel as a SOCKS proxy
Stars: ✭ 89 (+30.88%)
Mutual labels:  openvpn
desktop-app-daemon
Official IVPN Desktop app (service)
Stars: ✭ 34 (-50%)
Mutual labels:  openvpn
docker-openvpn-client
A minimal openvpn client for docker containers.
Stars: ✭ 23 (-66.18%)
Mutual labels:  openvpn
desktop-app-ui2
IVPN Desktop app
Stars: ✭ 19 (-72.06%)
Mutual labels:  openvpn
chef-openvpn
A multi-configuration OpenVPN server cookbook featuring IPv6 support and easy setup of client files.
Stars: ✭ 23 (-66.18%)
Mutual labels:  openvpn
openvpn-unroot
Run OpenVPN without root privileges
Stars: ✭ 27 (-60.29%)
Mutual labels:  openvpn
AdGuard-WireGuard-Unbound-Cloudflare
The Ultimate Network Security Guide 🔒 Protection | 🔎 Privacy | 🚀 Performance on home network 24/7 🕛 Accessible anywhere 🌏
Stars: ✭ 160 (+135.29%)
Mutual labels:  openvpn
netmaker
Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
Stars: ✭ 4,147 (+5998.53%)
Mutual labels:  openvpn
zarch
The Ultimate Script For Arch Linux
Stars: ✭ 49 (-27.94%)
Mutual labels:  openvpn-server
k8s-ovpn
OpenVPN on a Kubernetes cluster. Roll your own secure VPN cluster!
Stars: ✭ 72 (+5.88%)
Mutual labels:  openvpn
packer-aws-openvpn
Packer Template to build a AWS OpenVPN AMI
Stars: ✭ 21 (-69.12%)
Mutual labels:  openvpn
vpn-auto-reconnect.sh
A simple bash script for autoreconnect to OpenVPN via NetworkManager command-line (nmcli).
Stars: ✭ 19 (-72.06%)
Mutual labels:  openvpn
Gear-VPN
A VPN client for Android based on OpenVPN made with Jetpack Compose.
Stars: ✭ 55 (-19.12%)
Mutual labels:  openvpn
linux-cli-community
Linux command-line client for ProtonVPN. Written in Python.
Stars: ✭ 1,166 (+1614.71%)
Mutual labels:  openvpn
View All Similar Projects ➔

OpenVPN Auth Script Plugin

Runs an external script to decide whether to authenticate a user or not. Useful for checking 2FA on VPN auth attempts as it doesn't block the main openvpn process, unlike passing the script to --auth-user-pass-verify flag.

The idea of the plugin is to do as little as possible, and let the external binary do all the heavy lifting itself.

Installation

Compile the shared library with make plugin and copy openvpn-plugin-auth-script.so into your lib/openvpn/plugins/ folder.

Copy your external script onto the machine in a sane place, making sure it's executable by the user openvpn is running as.

Configure the plugin in your openvpn config, passing the path to the external script as the second argument:

plugin /path/to/openvpn-plugin-auth-script.so /path/to/external/script.sh

The plugin will also pass any strings provided after the script name as arguments to the script execution:

plugin /path/to/openvpn-plugin-auth-script.so /path/to/external/script.sh arg1 arg2 argN

External Script requirements

The script used to handle authentication has a very specific set of skills it needs, and if you don't provide those it will hunt you down in silence.

It needs to:

  • Be executable by the user openvpn runs as
  • Read username and password from the ENV to check them
  • Read auth_control_file from the ENV and write a single character to that path to signify auth success/failure
    • To allow authentication, write 1 to the file
    • To block authentication, write 0 to the file
  • Exit with status code 0
  • Not depend on PATH variable (eg, don't use /usr/bin/env in shebang)

Example env the script is called in:

PWD=/
SHLVL=0
auth_control_file=/tmp/openvpn_acf_9090e6750844ee26d7f23efbad0e95c2.tmp
config=/opt/local/etc/openvpn/testvpn.conf
daemon=1
daemon_log_redirect=0
daemon_pid=10502
daemon_start_time=1488892554
dev=tun0
dev_type=tun
ifconfig_local=192.168.2.1
ifconfig_remote=192.168.2.2
link_mtu=1572
local_port_1=1194
password=b
proto_1=tcp-server
redirect_gateway=0
remote_port_1=1194
route_gateway_1=192.168.2.2
route_netmask_1=255.255.255.0
route_network_1=192.168.2.0
route_vpn_gateway=192.168.2.2
script_context=init
tun_mtu=1500
untrusted_ip=192.168.3.4
untrusted_port=54357
username=a
verb=9

Static Challenge

If you're using static-challenge, you might wonder where the response value is in the env hash. See the OpenVPN management-notes docs for more info, but it's passed as part of the password.

The format in the env password value is SCRV1:<BASE64_PASSWORD>:<BASE64_RESPONSE>

License

See LICENSE.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].