Skip to content

3fs/go-authy-openvpn

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

19 Commits
scripts
scripts
 
 
src
src
 
 
vendor
vendor
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 

Repository files navigation

Go Authy OpenVPN

With Go Authy OpenVPN plugin you can add two-factor authentication to your VPN server in just minutes. It is a replacement for official Authy OpenVPN plugin which isn't updated anymore and is lacking Authy OneTouch support.

Pre-Requisites

  1. Authy API key
  2. OpenVPN server installation

Installation

From compiled package

  1. Download latest release from GitHub
  2. Extract tar archive in desired location on your server
  3. Run post-install script

From source

  1. Install requirements: Golang, build essentials
  2. Run sudo make install

Check OpenVPN config

Open your OpenVPN configuration file in your prefered editor. If you allowed post-instal script from previous step to edit your server.conf you should now have something like this at the end of it:

plugin <go-authy-path>/auth_script.so <go-authy-path>/go-authy-openvpn -a <authy_api_key>

If you don't have something like tihs in your configuration, you should add it manually.

Configuration flags

In your OpenVPN you can add flags after go-authy-openvpn to configure it. This are curretly supported flags:

  • -a (required) Authy API key
  • -c (optional) Authy config file (default is /etc/openvpn/authy/authy-vpn.conf)
  • -g (optional) GeoLite2 city or country database path, if you want to have location displayed in OneTouch request

Migrating from official plugin

If you are already using official Authy OpenVPN plugin you can install this plugin with the steps above and then remove the old plugin from your OpenVPN server config. This plugin uses the same format of authy-vpn.conf so all your registered users will stay there.

Adding users

This plugin comes with a script, that helps you register users. To start adding users type: sudo authy-vpn-add-user

If the script was successful it will add username and Authy ID to /etc/openvpn/authy/authy-vpn.conf.

How it works

This plugin works with certificates based authentication. To login the user need certificate, username and password.

Password can be 4 different things:

OneTouch

If the provided password is onetouch the user will receive OneTouch push notification to Authy app where they can approve the login.

Token

Password can be TOTP token from Authy app or token the user received through SMS or call.

SMS or call

If the password is sms or call the plugin will make a request for that to Authy and will fail the login. Then the user will receive the token through SMS or call and will then use that token on next login.

VPN client configuration

Your users will need to add

auth-user-pass

to their client.conf.

About

Two-factor authentication for OpenVPN

Topics

openvpn two-factor-authentication authy 2fa

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

13 stars

Watchers

4 watching

Forks

2 forks
Report repository

Releases 3

v1.2 Latest
Mar 12, 2018
+ 2 releases

Packages

No packages published

Languages