Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OpenVPN RW: cannot login with 2FA after migration #1047

Open
Tbaile opened this issue Jan 27, 2025 · 2 comments
Open

OpenVPN RW: cannot login with 2FA after migration #1047

Tbaile opened this issue Jan 27, 2025 · 2 comments
Labels
verified All test cases were verified successfully
Milestone
NethSecurity 8.5

Comments

@Tbaile
Copy link
Contributor

Tbaile commented Jan 27, 2025

Steps to reproduce

  • Migrate from a NS7 to a NS8, the OpenVPN RW instance MUST NOT have 2FA activated
  • Now with users configured, check that VPN still works
  • Now edit the RW instance, set authentication with 2FA
  • Download the QR code

Expected behavior

Download of the QR code goes well

Actual behavior

Error is thrown, no QR code is downloaded

Components

ns-migration <= 0.0.18

See also

Mattermost Thread

It appears that during migration, no openvpn_2fa field is being populated.
This doesn't impact new users since add_user function generates the TOTP no matter what the RW configuration is.
Workaround is to generate the TOTP using pyotp.random_base32() and set it manually to the user.
@Tbaile Tbaile added this to the NethSecurity 8.5 milestone Jan 27, 2025
@Tbaile Tbaile self-assigned this Jan 27, 2025
@github-project-automation github-project-automation bot moved this to ToDo 🕐 in NethSecurity Jan 27, 2025
@Tbaile Tbaile mentioned this issue Jan 27, 2025
Merged
@Tbaile
Copy link
Contributor Author

Tbaile commented Jan 28, 2025

QA

23.05.5-ns.1.4.1-40-g3ebca0f35

Try again the procedure above, check that now it works.

@Tbaile Tbaile removed their assignment Jan 28, 2025
@Tbaile Tbaile added the testing Packages are available from testing repositories label Jan 28, 2025
@nethbot nethbot moved this from ToDo 🕐 to Testing in NethSecurity Jan 28, 2025
@gsanchietti gsanchietti self-assigned this Jan 29, 2025
@gsanchietti
Copy link
Member

Verified: 2FA secret is generated even if the 2FA was not enabled on NS7

@gsanchietti gsanchietti added verified All test cases were verified successfully and removed testing Packages are available from testing repositories labels Jan 29, 2025
@gsanchietti gsanchietti removed their assignment Jan 29, 2025
@nethbot nethbot moved this from Testing to Verified in NethSecurity Jan 29, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
verified All test cases were verified successfully
Projects
NethSecurity
Status: Verified
Milestone
NethSecurity 8.5
Development

No branches or pull requests
2 participants
@gsanchietti @Tbaile