Edit it with `sudo nano /etc/pam.d/openvpn` to add these 2 lines at the end:

```
auth requisite pam_google_authenticator.so forward_pass
auth required pam_unix.so use_first_pass
```

Now run `sudo service openvpn restart` to reload the conf change.

For this to work you will use system accounts (accounts you use to log in to your Raspberry, like 'pi').

- You can create as many accounts as you wish with the `adduser` command.
- Log in as the user on the Raspberry: `su - pi` (replace pi with the actual username).
- Run the `google-authenticator` command and follow the instructions (save the barcode URL for the next step).
- Executing `google-authenticator` adds a file `.google_authenticator` in the user's home directory. This file must have no rights except read for the user: `sudo chmod 400 /home/pi/.google_authenticator` (replace pi with the correct username).
- Create a pivpn account with the exact same name as the user and the nopass option: `pivpn -a nopass`. Note: the username must be the same as the system account (pi for example).
- Edit the freshly created user.ovpn file and add `auth-user-pass` (to tell the client to request username and password on connection) and `reneg-sec 0` (to not reconnect every x minutes, as the password changes every few seconds).

Set up your phone, your client and connect from an external network.

- Install the Google Authenticator app on your phone and scan the barcode generated during the `google-authenticator` command (2) on the pi.
- Set up your client (tested on Windows and on iOS) with the new ovpn client file (pi.ovpn for example, created at the last step of (2)).
- Connect using your pi account password followed by the 6 numbers generated by the Google Authenticator app on your phone at the same moment. For example, if your pi account password is "raspberry" (you should change it), then your password will be something like raspberry123456.

Voila! Let me know if I missed anything (or did anything wrong), but that's how I got it working on my Pi 2 with Raspbian Jessie.

I am still wondering if the nopass option on the pivpn account creation command is reasonable; if I set a password here (no nopass option), then I have to fill in my certificate password first and then my pi password + the Google Authenticator numbers.
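To show what the two PAM lines do with a login such as raspberry123456, here is an added example (not code from this post or from the PAM modules) that models the stack in Python: the first stage splits off the trailing 6-digit code and checks it as an RFC 6238 TOTP, the second stage checks the remaining password. The function names, the one-step clock skew allowance, the RFC test key and the plain-text password comparison standing in for pam_unix are assumptions of the example.

```python
import base64, hashlib, hmac, struct

def totp(secret_b32, unix_time, step=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1, as generated by the Google Authenticator app."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", int(unix_time) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def split_forwarded(combined, digits=6):
    """forward_pass behaviour: the last 6 characters are the code, the rest the password."""
    tail = combined[-digits:]
    if len(combined) <= digits or not (tail.isascii() and tail.isdigit()):
        return None
    return combined[:-digits], tail

def authenticate(combined, secret_b32, account_password, now, skew_steps=1):
    """Model of: requisite pam_google_authenticator.so, then required pam_unix.so."""
    parts = split_forwarded(combined)
    if parts is None:
        return False
    password, code = parts
    # Stage 1 ("requisite"): a wrong code stops the stack before the password is tried.
    valid = [totp(secret_b32, now + d * 30) for d in range(-skew_steps, skew_steps + 1)]
    if not any(hmac.compare_digest(code.encode(), v.encode()) for v in valid):
        return False
    # Stage 2 ("required", use_first_pass): reuse the forwarded password, no new prompt.
    # A real pam_unix compares against the hash in /etc/shadow; plain text is a stand-in.
    return hmac.compare_digest(password.encode(), account_password.encode())

# Constructed sample secret: the published RFC 4226/6238 test key, base32-encoded.
SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    now = 59                                     # constructed timestamp from RFC 6238
    code = totp(SECRET, now)
    print("code:", code)
    print("password+code accepted:", authenticate("raspberry" + code, SECRET, "raspberry", now))
    print("code+password accepted:", authenticate(code + "raspberry", SECRET, "raspberry", now))
    print("stale code accepted:", authenticate("raspberry" + code, SECRET, "raspberry", now + 90))
```

The stale-code case is why a client that replays its cached password on renegotiation would fail, which is what `reneg-sec 0` avoids.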