Multiple authentication systems (Microsoft and script) #325
Comments
For this use case, the option
You can add the common names of your services; in that case, openvpn-auth-oauth2 will always return authenticated for those common names. Authentication can be done via OpenVPN client certificates.
With the same client certificate, authenticating with username/password is not possible?
If you enable username-as-common-name in OpenVPN, it should be possible, together with auth-user-pass-verify.
I will share my config with you; maybe it will be easier, and it could help the community too
here is the log of openvpn-auth-oauth2:
Thanks for your help
I guess I forgot to mention this:
Thanks! Ok I think we are very near. My server is able to connect with the script (bypass openvpn-auth-oauth2) but my human client (Microsoft Entra ID) doesn't work, with the same log mentioned before in openvpn-auth-oauth2
I guess you have to implement a bypass for the human client as well, because all authentication methods must return OK
Hmm, how to do that? Because if I use
Oh, you mean I must implement a bypass in my script. Hmmm, let's think how to do that
Ok it works! Thank you! I have another question (more simple), but I will open a new issue to make it more clear.
Hello @D0wn3r @jkroepke @D0wn3r Could you please share your @jkroepke Is it possible to avoid any authentication process (certs, login/pass, whatever) from OpenVPN Client to OpenVPN Server and fully delegate it to
No. See: OpenVPN/openvpn#501 add a 👍 You have to add some inline user/pass credentials as workaround, but they can be the same for all users. What's the reason for Keycloak?
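Hi @Elshirak My

```bash
#!/bin/bash
# auth-user-pass-verify script (via-file): OpenVPN passes the path of a
# temporary file as $1, with the username on line 1 and the password on line 2.

# Known accounts: username -> password (placeholders)
declare -A ids=(
  [username]="password"
)

# Quote "$1" so a path with spaces or glob characters is read as one file
readarray -t lines < "$1"
username=${lines[0]}
password=${lines[1]}

for i in "${!ids[@]}"
do
  if [[ "$i" == "$username" ]]
  then
    echo "Username found"
    if [[ "${ids[$i]}" == "$password" ]]
    then
      echo "ok"
      exit 0
    fi
  fi
done

# Unknown username or wrong password: reject the login
echo "Not found"
exit 1
```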
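One way to write the bypass the thread arrives at, as an added example that is not the script from this issue and not part of openvpn-auth-oauth2: service accounts are verified against a credentials file, and every other username gets exit status 0 so that the OAuth2 login stays its only gate. The `svc-` prefix, the `name:sha256hex` file format, the file path and the function names are assumptions for illustration.

```sh
#!/bin/sh
# Added example, not the script from this issue.
# openvpn.conf (server):  script-security 2
#                         auth-user-pass-verify /path/to/this-script via-file
# Assumptions: service usernames start with "svc-"; their secrets are long
# random strings stored as "name:sha256hex" lines in a root-only file.
CRED_FILE="${CRED_FILE:-/etc/openvpn/service-accounts}"  # hypothetical path

# Hex SHA-256 of the string in $1.
sha256_hex() {
    printf '%s' "$1" | sha256sum | cut -d' ' -f1
}

# verify_login FILE: returns 0 to accept, 1 to reject.
# FILE is the temp file OpenVPN writes: username on line 1, password on line 2.
verify_login() {
    [ -r "$1" ] || return 1
    { IFS= read -r user; IFS= read -r pass; } < "$1" || true
    case "$user" in
        '') return 1 ;;                          # no username at all
        svc-*[!A-Za-z0-9._-]*) return 1 ;;       # unexpected characters
        svc-*) ;;                                # service account: verify below
        *) return 0 ;;                           # human: the OAuth2 login decides
    esac
    [ -n "$pass" ] || return 1
    want=$(awk -F: -v u="$user" '$1 == u { print $2; exit }' "$CRED_FILE" 2>/dev/null)
    [ -n "$want" ] && [ "$(sha256_hex "$pass")" = "$want" ]
}

# Act as the verify script only when OpenVPN passes the credentials file.
if [ "$#" -ge 1 ]; then
    verify_login "$1"
    exit $?
fi
```

The pass-through branch is only safe while the common names that openvpn-auth-oauth2 treats as always authenticated are exactly the accounts this script verifies; any name on that list that the script does not check would skip both gates.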
Hello @jkroepke @D0wn3r @D0wn3r Get it, thanks for sharing) @jkroepke There is no specific reason for using Keycloak, it just works fine and solves my issues :) Now I'm facing another issue, #331 not to spam here
Problem Statement
Hi again!
Is it possible to have two authentication systems? In my case, they would be:
Can I achieve this with OpenVPN and the openvpn-auth-oauth2 plugin?
openvpn-auth-oauth2 logs
Environment
No response