openfortivpn as service with totp

openfortivpn as service with totp


Install the openfortivpn client and an OTP key generator (oath-toolkit):

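# Add the network:vpn repository over HTTPS, so the repository metadata and the
# signing key offered on first refresh are not fetched over cleartext HTTP.
zypper addrepo "https://cdn.opensuse.org/repositories/network:/vpn/openSUSE_Factory/" "network:vpn"
# On the first refresh zypper asks whether to trust the repository signing key;
# check the fingerprint before accepting it.
zypper refresh
# openfortivpn is the VPN client; oath-toolkit provides oathtool, which
# generates the TOTP codes.
zypper install -y openfortivpn oath-toolkit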

Override the default service with a systemd drop-in:

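# The drop-in directory does not exist on a fresh install.
mkdir -p /etc/systemd/system/openfortivpn@.service.d

# The delimiter is quoted ('EOF') so the shell writing this file does not expand
# $(...) and $OTP_KEY itself; with a bare EOF the unit would end up with an
# empty OTP_KEY. Both must reach the unit file literally.
#
# Changes from the /tmp-based variant:
#  - the generated code goes to /run (writable by root only) under umask 077,
#    not to a fixed, world-readable name in world-writable /tmp;
#  - the ExecStartPre that printed the file is dropped, so the code is not
#    copied into the journal.
# The file name uses %i (escaped instance name) so it is always a single path
# component.
cat <<'EOF' > /etc/systemd/system/openfortivpn@.service.d/override.conf
[Service]
# Generate the current TOTP code from the per-instance secret into an
# environment file that only root can read.
ExecStartPre=/usr/bin/bash -c 'umask 077; echo "OTP_KEY=$(oathtool --base32 --totp $(cat /etc/openfortivpn/%I.totp))" > /run/openfortivpn-%i.otp'
EnvironmentFile=/run/openfortivpn-%i.otp
# An empty ExecStart= clears the command inherited from the packaged unit.
ExecStart=
ExecStart=/usr/bin/openfortivpn -c /etc/openfortivpn/%I.conf --otp="$OTP_KEY"
# The code is single-use; remove the file once the client has been started.
ExecStartPost=/usr/bin/rm -f /run/openfortivpn-%i.otp
EOF

# Make systemd pick up the new drop-in.
systemctl daemon-reload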

Create the VPN config:

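# The config holds the VPN password in cleartext. Create the file empty with
# mode 0600 first, so it is never readable by other local users, then fill it.
install -m 0600 /dev/null "/etc/openfortivpn/$YOUR_VPN_CONFIGNAME.conf"

# Unquoted EOF: the shell expands the $YOUR_VPN_* placeholders, so they must be
# set as shell variables beforehand. If the values are typed in literally
# instead, quote the delimiter ('EOF') so that a password containing $ or
# backticks is written unchanged.
cat <<EOF > "/etc/openfortivpn/$YOUR_VPN_CONFIGNAME.conf"
host = $YOUR_VPN_HOST
port = $YOUR_VPN_PORT
username = $YOUR_VPN_USERNAME
password = $YOUR_VPN_PASSWORD
set-dns = $ZERO_OR_ONE
EOF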

Create the VPN TOTP secret file:

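# This file holds the long-lived base32 TOTP secret that oathtool turns into
# one-time codes (the placeholder calls it a "hash", but it is the shared
# seed). Anyone who can read it can generate valid second factors, so create
# the file with mode 0600 before writing to it.
install -m 0600 /dev/null "/etc/openfortivpn/$YOUR_VPN_CONFIGNAME.totp"

cat <<EOF > "/etc/openfortivpn/$YOUR_VPN_CONFIGNAME.totp"
$YOUR_VPN_TOTP_HASH
EOF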
