Multifactor authentication on linux

The VPN I want to connect requires MFA.
I have my ovpn file, and I connect through openvpn.

When authenticating, I type the
<user>
<password><one time passcode>

It appears that it is connected, but I can't access the site I wanted.

  • If OpenVPN states "connected", the authentication including 2FA should work.
    Next, you need a matching firewall rule.
    Check the firewall log.

  • FormerMember

    Hi, Welcome to Sophos Community.

    If this is a website locally in the Firewall's LAN which you're not able to access, the Firewall rule could affect this as Drik said. Ensure that the firewall rule is placed and the IP that this website is hosted on is added in the shared resources under the SSL VPN tunnel settings.

    Check out this article for troubleshooting SSL VPN: support.sophos.com/.../KB-000036884

  • Sorry, my question was not spelled correctly.

    States "connected" = the message on the terminal is Initialization Sequence Completed.

    The problem is that I can connect to the VPN and access the site through the Windows client.
    Will Linux not support MFA?

    Is there any way to have a rule not to access through Linux?

  • The 2FA is hidden from the end system.

    You activate 2FA at the firewall and append the code to the password ... the end system is not aware of this.

    Some other 2FA solutions need a second input field or use challenge-response technology ... but that is not used here.

    Take a look at the connected VPN users at the firewall.

    So you have to check the following:

    - Is the user really connected?

    - Do you need a special rule for this user to allow access? (Check the firewall log.)

  • Sorry, I didn't pay attention to the first message that appears from openvpn.

    WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.

    DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.

    What should I add to the configuration file?
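
An added example, not part of the original thread and not Sophos or OpenVPN code: a small check that reads an .ovpn profile and flags the lines behind the two warnings quoted above, building the `data-ciphers` line the deprecation warning asks for. The sample profile, host name and function names are constructed for illustration; the directive names and the default cipher list are taken from the warning text.

```python
# Default --data-ciphers list, as quoted in the OpenVPN warning above.
DEFAULT_DATA_CIPHERS = ["AES-256-GCM", "AES-128-GCM"]

# Constructed sample profile (placeholder host/port), not a real Sophos export.
SAMPLE_OVPN = """\
client
dev tun
remote vpn.example.com 8443
auth-user-pass
cipher AES-128-CBC
comp-lzo no
<ca>
cipher FAKE-INSIDE-BLOCK
</ca>
"""


def parse_directives(text):
    """Map each directive to its argument list, skipping comments and inline <...> blocks."""
    directives, in_block = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("</"):
            in_block = False
        elif line.startswith("<"):
            in_block = True
        elif line and not in_block and line[0] not in "#;":
            name, *args = line.split()
            directives[name] = args
    return directives


def audit(text):
    """Flag the profile lines behind the two startup warnings quoted above."""
    d = parse_directives(text)
    allowed = d["data-ciphers"][0].split(":") if d.get("data-ciphers") else list(DEFAULT_DATA_CIPHERS)
    cipher = d["cipher"][0] if d.get("cipher") else None
    result = {"data_ciphers_line": None, "compression": []}
    # DEPRECATED OPTION warning: --cipher is set but not listed in --data-ciphers.
    if (cipher and cipher.upper() not in [c.upper() for c in allowed]
            and "data-ciphers-fallback" not in d):
        result["data_ciphers_line"] = "data-ciphers " + ":".join(allowed + [cipher])
    # Compression warning: report any comp-lzo / compress directive in the profile.
    for name in ("comp-lzo", "compress"):
        if name in d:
            result["compression"].append(" ".join([name] + d[name]))
    return result


if __name__ == "__main__":
    print(audit(SAMPLE_OVPN))
```

The warning also names `data-ciphers-fallback 'AES-128-CBC'` as the alternative to extending `data-ciphers`; either line silences the deprecation message.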

  • I can't find any rules that would prevent it.