• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

OpenVPN + Yubico PAM

Scheduled Pinned Locked Moved OpenVPN
5 Posts 2 Posters 5.7k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • H
    Hedkandi
    last edited by Apr 8, 2010, 2:06 PM

    Hello!

    Im a pretty new user of pfSense and i managed to throw a OpenVPN with FreeRadius authentication together. It works flawlessly with PKI.

    What i want to know is if its possible for someone to compile a PAM module which i need for this solution to be complete. I use a device called Yubikey which generates OTPs (One Time Passwords) and the company selling the Yubikey called Yubico also makes a PAM-module called Yubico PAM (http://code.google.com/p/yubico-pam/).

    I read about the developer installation of pfSense and as a novice on BSD and compiling i thought id ask nicely here before i need to pull my hair :P

    Hopefully other ppl will find this useful too.

    1 Reply Last reply Reply Quote 0
    • G
      GruensFroeschli
      last edited by Apr 8, 2010, 2:38 PM

      Read the howto, how to set up OpenVPN with authentication against an LDAP server.
      The authentication there happens with a PAM module as well.
      So i suppose you could just take the PAM module of yubico and replace the one for LDAP.

      We do what we must, because we can.

      Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

      1 Reply Last reply Reply Quote 0
      • H
        Hedkandi
        last edited by Apr 9, 2010, 5:52 AM

        The problem is that the module from yubico is not compiled, how is this done?

        1 Reply Last reply Reply Quote 0
        • G
          GruensFroeschli
          last edited by Apr 9, 2010, 7:00 AM

          Download their code and compile it.
          They have a ReadMe describing the needed steps:
          http://code.google.com/p/yubico-pam/wiki/ReadMe

          We do what we must, because we can.

          Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

          1 Reply Last reply Reply Quote 0
          • H
            Hedkandi
            last edited by Apr 9, 2010, 2:37 PM

            ok so i downloaded the development iso of pfSense, downloaded ykclient (yubico-c-client) as required by yubico pam

            while running ./configure it states it needs curl, found a freebsd package of this. Installed it and running curl it states it needs libssl. I cant find this anywhere, package management in freebsd seems screwed or something.

            Arent there ANYONE out there with a nice freebsd server up which can compile these things and put it up somewhere?

            1 Reply Last reply Reply Quote 0
            5 out of 5
            • First post
              5/5
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
              This community forum collects and processes your personal information.
              consent.not_received