yubikey

Got a problem with Viscosity or need help? Ask here!
 

jeffgbrock

Posts: 2
Joined: Wed Aug 08, 2018 9:33 am

Post by jeffgbrock » Wed Aug 08, 2018 10:04 am
I tried following the instructions on https://www.sparklabs.com/support/kb/ar ... viscosity/

I also tried using the U2F method (https://www.sparklabs.com/support/kb/ar ... viscosity/)

With the one time password method, it just never connects

The patched version of OpenVPN in method 2 would not install

I am using an OpenVPN 2.4 server installed on Ubuntu. Been my experience that when something won't make, you can chase failed dependencies until you are cross-eyed and never get it to work, so I am trying to get the simpler OTP method. I don't, however, know where to look for the problem. I tried it several times, and I know I didn't miss anything

James

User avatar
Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Wed Aug 08, 2018 1:09 pm
Hi jeffgbrock,

I recommend checking the OpenVPN log to see why you're unable to connect:
https://www.sparklabs.com/support/kb/ar ... envpn-log/

Please note that we can only offer support for the Viscosity side of things - we simply don't have the available capacity to support server setups. However generally the log should indicate what is going on.

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs

jeffgbrock

Posts: 2
Joined: Wed Aug 08, 2018 9:33 am

Post by jeffgbrock » Thu Aug 09, 2018 1:19 am
Best I can tell, the problem lies in the script openvpn_otp_auth.py

I can connect fine with the certificate/key method.
If I add the lines
auth-user-pass-verify opevnpn_otp_auth.py via-env
script-security 3
and comment out user nobody/group/nogroup
to my server.conf file

then the log shows the connection attempt hanging until you get a 'TLS key negotiation failed to occur within 60 seconds...' error

The script has been made executable, it has been amended with the clientID/secret key from yubico
PAM and yubico-client are installed.

James

User avatar
Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Tue Aug 14, 2018 11:54 pm
It's possible there could be a problem with the Python install on the machine. Try running the command "/usr/bin/python /path/to/openvpn_otp_auth.py" and see it it's able to run (it'll of course fail as it's not being run by OpenVPN itself, but if you see any exceptions for missing dependancies etc. that is likely the problem).

Otherwise, I recommend setting up a clean install of Ubuntu inside a virtual machine, and setting it up under that. Assuming that it works, you should be able to work backwards to see where things are going wrong on your actual Ubuntu install.

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
4 posts Page 1 of 1