Ok, Google is my friend.
I did this:
# apt-get purge libpam-google-authenticator
# download https://code.google.com/p/google-authenticator/downloads/list
# apt-get install libpam-dev
Add this to Makefile, right after the license:
LDFLAGS="-lpam"
Then
# make
# make install
# service openvpn restart
Also, make sure /home/username/.google_authenticator has no rights at all except read rights for the user that's going to use it.
Now I need to enter my username that's my local username on the server (my shell account) as my OpenVPN username and the Google Authenticator 6-digit code as the password.
Now it works.
Thank you all for your time :)
(How can I mark this post as solved? Do I just edit the topic title?)
using 18.10 I had a similar problem. I resolved my problem by modifying /etc/systemd/resolved.conf with the dns server and search domain information. this looks to be correct behavior, according to the man page,
The DNS servers contacted are determined from the global settings in /etc/systemd/resolved.conf, the per-link static settings in /etc/systemd/network/*.network files (in case systemd-
networkd.service(8) is used), the per-link dynamic settings received over DHCP, and any DNS server information made available by other system services. See resolved.conf(5) and systemd.network(5)
for details about systemd's own configuration files for DNS servers. To improve compatibility, /etc/resolv.conf is read in order to discover configured system DNS servers, but only if it is not a
symlink to /run/systemd/resolve/stub-resolv.conf or /run/systemd/resolve/resolv.conf (see below).
my config looks like this, adjust to fit your environment,
192.168.1.1 is your private dns
domain syntax is important, don't forget the trailing dot "."
/etc/systemd/resolved.conf
[Resolve]
DNS=192.168.1.1
#FallbackDNS=
Domains=blah.mydomain.com. blahblah.mydomain.com.
#LLMNR=no
#MulticastDNS=no
#DNSSEC=no
#DNSOverTLS=no
#Cache=yes
#DNSStubListener=yes
then restart the service
sudo systemctl restart systemd-resolved.service
verify service is running. syntax errors might cause issues that you can see here.
sudo systemctl status systemd-resolved.service
try to lookup a local domain
nslookup blah.mydomain.com
if that did not work, then verify the query does not time out. manually specify the dns server
nslookup blah.mydomain.com 192.168.1.1
resolved has a built-in query function which is helpful
% resolvectl query fedoraproject.org
fedoraproject.org: 2605:bc80:3010:600:dead:beef:cafe:fed9 -- link: enp5s0
2620:52:3:1:dead:beef:cafe:fed7 -- link: enp5s0
2610:28:3090:3001:dead:beef:cafe:fed3 -- link: enp5s0
2604:1580:fe00:0:dead:beef:cafe:fed1 -- link: enp5s0
2605:bc80:3010:600:dead:beef:cafe:feda -- link: enp5s0
2620:52:3:1:dead:beef:cafe:fed6 -- link: enp5s0
209.132.190.2 -- link: enp5s0
8.43.85.67 -- link: enp5s0
38.145.60.21 -- link: enp5s0
67.219.144.68 -- link: enp5s0
140.211.169.196 -- link: enp5s0
140.211.169.206 -- link: enp5s0
152.19.134.142 -- link: enp5s0
38.145.60.20 -- link: enp5s0
152.19.134.198 -- link: enp5s0
8.43.85.73 -- link: enp5s0
-- Information acquired via protocol DNS in 99.8ms.
-- Data is authenticated: no
Best Answer
You can add an alias to
.bash_profile. You should specify a path to your client.vpn otherwise you might need to be in that folder when you executevpn.You then can create a file that contains your username and password and reference it from your client.ovpn.
First thing, create a file called credentials.txt in the same folder as your client.ovpn.
Inside that file, store your username and password.
Save the file, then open client.ovpn and add the following directive.
Once again, credentials.txt needs to be in the same folder as client.opvn as it's going to look there for that file.