GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → MeneDev → yubi-oath-vpn

MeneDev / yubi-oath-vpn

Licence: MIT License
Simply insert your Yubikey and connect automatically to your TOTP-2FA-VPN.

Programming Languages

go
31211 projects - #10 most used programming language
Dockerfile
14818 projects
shell
77523 projects

Labels

openvpnvpn2faopenvpn-auth

Projects that are alternatives of or similar to yubi-oath-vpn

Raspberry-Pi-VPN-Gateway
Raspberry Pi VPN gateway installer for Private Internet Access
Stars: ✭ 44 (+193.33%)
Mutual labels:  openvpn, vpn
killswitch-windows
VPN kill switch for windows.
Stars: ✭ 22 (+46.67%)
Mutual labels:  openvpn, vpn
desktop-app-ui2
IVPN Desktop app
Stars: ✭ 19 (+26.67%)
Mutual labels:  openvpn, vpn
watchblob
Connect to 2-factor WatchGuard VPNs on Linux with OpenVPN
Stars: ✭ 15 (+0%)
Mutual labels:  openvpn, vpn
AdGuard-WireGuard-Unbound-Cloudflare
The Ultimate Network Security Guide 🔒 Protection | 🔎 Privacy | 🚀 Performance on home network 24/7 🕛 Accessible anywhere 🌏
Stars: ✭ 160 (+966.67%)
Mutual labels:  openvpn, vpn
iit-kgp-network
Information repository and Solutions on IIT KGP Internet Problems.
Stars: ✭ 28 (+86.67%)
Mutual labels:  openvpn, vpn
Open2Nord
A Python script that makes connecting to NordVPN servers through OpenVPN GUI a lot easier, and adds extra functionality
Stars: ✭ 22 (+46.67%)
Mutual labels:  openvpn, vpn
terraform-aws-pritunl-vpn-server
Pritunl VPN Server for your public/private like VPC on AWS
Stars: ✭ 40 (+166.67%)
Mutual labels:  openvpn, vpn
nordvpn
NordVpn Docker Client
Stars: ✭ 475 (+3066.67%)
Mutual labels:  openvpn, vpn
chef-openvpn
A multi-configuration OpenVPN server cookbook featuring IPv6 support and easy setup of client files.
Stars: ✭ 23 (+53.33%)
Mutual labels:  openvpn, vpn
droidovpn
An unofficial VPN Gate client for Android.
Stars: ✭ 65 (+333.33%)
Mutual labels:  openvpn, vpn
k8s-ovpn-chart
[DEPRECATED] Helm chart for a private OpenVPN server
Stars: ✭ 19 (+26.67%)
Mutual labels:  openvpn, vpn
desktop-app-cli
Official IVPN command-line interface (CLI)
Stars: ✭ 18 (+20%)
Mutual labels:  openvpn, vpn
desktop-app
Official IVPN Desktop app
Stars: ✭ 141 (+840%)
Mutual labels:  openvpn, vpn
terraform-openvpn
A sample terraform setup for OpenVPN using Let's Encrypt and Certbot to generate certificates
Stars: ✭ 43 (+186.67%)
Mutual labels:  openvpn, vpn
netmaker
Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
Stars: ✭ 4,147 (+27546.67%)
Mutual labels:  openvpn, vpn
desktop-app-ui
Official IVPN Desktop app (legacy version)
Stars: ✭ 23 (+53.33%)
Mutual labels:  openvpn, vpn
Cybernet-VPN
Android Cybernet VPN App
Stars: ✭ 28 (+86.67%)
Mutual labels:  openvpn, vpn
openvpn-unroot
Run OpenVPN without root privileges
Stars: ✭ 27 (+80%)
Mutual labels:  openvpn, vpn
desktop-app-daemon
Official IVPN Desktop app (service)
Stars: ✭ 34 (+126.67%)
Mutual labels:  openvpn, vpn
View All Similar Projects ➔

yubi-oath-vpn monitor CircleCI Follow @MeneDev on Twitter

Simply insert your Yubikey to an USB-slot and connect to your 2FA-VPN.

Usage

Windows (experimental, see below)
yubi-oath-vpn /connection=<OpenVPN configuration name> [/[email protected]]

Linux
yubi-oath-vpn --connection=<connection name> [[email protected]]

Will start the program and connect as soon as the Yubikey is inserted (and not already connected)

If the slot argument is omitted, the first slot is used.

Autostart Startmenu entry (Windows)

  • Extract all files to a single directory in you User directory
  • Press Win+R, type shell:startup, hit enter.
  • Right-click inside the folder, select New > Shortcut and enter the path to the extracted executable (yubi-oath-vpn-win_amd64.exe)
  • Edit the location and add /connection <OpenVPN configuration name> to the target

You can locate your OpenVPN configurations in %USERPROFILE%\OpenVPN\config\. The configurations must have the extension ovpn, use the filename without extension as <OpenVPN configuration name>

Example: client.ovpn becomes /connection client

Autostart via systemd (Linux)

  • Copy yubi-oath-vpn binary to $HOME/Apps/yubi-oath-vpn, make sure it's executable
  • Adjust and copy the file yubi-oath-vpn.service to $HOME/.config/systemd/user/yubi-oath-vpn.service

Autostart via XDG autostart (KDE, Gnome, LXDE)

  • Copy yubi-oath-vpn binary to $HOME/Apps/yubi-oath-vpn, make sure it's executable
  • Adjust and copy the file yubi-oath-vpn.desktop to $HOME/.config/autostart/yubi-oath-vpn.desktop

Limitations

  • The Yubikey must have a password
  • Only works with OpenVPN
  • VPN must use tun device
  • Must be the only tun device
  • VPN must use TOTP

Limitations on Linux

  • nmcli is required to bring up the VPN

Limitations on Windows

  • Consider the current version experimental
  • OpenVPN GUI must be installed
  • Make sure you connected at least once manually and save the credentials
  • Log files must be written to %USERPROFILE%\OpenVPN\config
  • Log files must not be appended to
  • Storing passwords must be allowed (this is asked during installation)
  • The connection status is currently not checked, thus the connection window is always presented when plugin in the YubiKey

Background

We use Yubikeys for two factor authentication against our VPN. We have a Bash script with similar functionality, but the tools (ykman, yubioath) keep changing and dbus-monitor was behaving differently depending on Linux distribution.

Disclaimer

Only tested against one Yubikey 4 and one Yubikey 5 version. It's my first go project. Expect bugs and low code quality. That being said it's in active use for several years on different systems and seems to work just fine.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].