Crtext method not supported

[lkasjkasj]

I use openvpn client for linux (ubuntu 22), I want to connect to my server that uses 2fa for protection, the client gives an error

This works on windows client and Mac OS

OpenVPN 2.6.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO] library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10

ERROR:

23-07-11 09:07:51 us=641772 AUTH: Received control message: AUTH_FAILED,Authentication failed, required pending auth method 'crtext' not supported

[schwabe]

Yes. Crtext is a interactive challenge/response method that needs to be implemented by a UI. CUrrently OpenVPN for Android and OpenVPN GUI for Windows support this feature. However there is no UI for Linux that supports that feature currently.

[lkasjkasj]

thanks for the answer, but I found an old article where it is described that this is possible, do I understand correctly that once it worked and then it was abandoned? and then the next question is how to implement 2fa in a Linux client? so that it would work in a dynamic version, and not in a static one?

http://opensourceforgeeks.blogspot.com/2015/07/setting-up-open-vpn-client-on-ubuntu.html

[cron2]

There is a number of different ways the server can request 2FA authentication - "the old way", which is supported by the Linux command line client, and "the new way" which is more flexible but needs GUI support. "crtext" is one of the possible methods in "the new way".

The client signals to the server "I can do method x, y, z" and then the server can pick one, or send back this particular AUTH_FAILED message. So to make it work, without writing the necessary software bits on the linux side, you'd need to change the server config.

[lkasjkasj]

@cron2 Thank you for your answer , specifics in terms of recommendations to change the server configuration would be very helpful to me