From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ipfire-scm+bounces-69-archive=lists.ipfire.org@lists.ipfire.org>
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 4Zx5jK5C4zz3393
	for <archive@lists.ipfire.org>; Mon, 12 May 2025 17:11:01 +0000 (UTC)
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK))
	by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4Zx5jK4xdkz2ykN
	for <ipfire-scm@lists.ipfire.org>; Mon, 12 May 2025 17:11:01 +0000 (UTC)
Received: from people01.haj.ipfire.org (people01.haj.ipfire.org [172.28.1.161])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature ECDSA (secp384r1) client-digest SHA384)
	(Client CN "people01.haj.ipfire.org", Issuer "E6" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 4Zx5jJ5nDcz130
	for <ipfire-scm@lists.ipfire.org>; Mon, 12 May 2025 17:11:00 +0000 (UTC)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org;
	s=202003ed25519; t=1747069860;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc; bh=xAvYMHUTrCGj5aah09/zkZ3Er8qXcYNeRjCkD6MtXuA=;
	b=79+HkOJHa0jOosqnzbpvnnH7SMqTpGWXrEQ4Ngk6Z8CeNzhHiLUrBX5Nq9STFpHtUGYWBZ
	cpAYD5lOLXXwFWAw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa;
	t=1747069860;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc; bh=xAvYMHUTrCGj5aah09/zkZ3Er8qXcYNeRjCkD6MtXuA=;
	b=pCoXxTXU4E4lsq9kJr6HcDlZw0bEOBlnSNDXv2ieI93KbX3xU7ODTxipSvKicNwP5p2q48
	Yr0OLxDtif3Iy5j95P1GuF0SBrsvrHaw/EkMGwZEcsj+5oTub/B1/Fx9iiARXU5KkGuEMl
	BAtmmSDD4Kh1R0dznTNgaS9FE/q+2K6fQaf4g4eckwMQ6zxhq79omJPIOfm2AeqerRt+BW
	kT1qMUAse7IbFgD38+/+hgCAKKj5wK+oRYzvQhi/PwH3yp+ucYcTleRAQ4UFtuml9Jghtg
	IEUktMTJplrHI8Y50UamjKhpqhOFqAXnfD1EyhKR8Y4dHwvzJZjc25FG1hIiOQ==
Received: by people01.haj.ipfire.org (Postfix, from userid 1000)
	id 4Zx5jJ3Dx1z2yLX; Mon, 12 May 2025 17:11:00 +0000 (UTC)
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 1bf8788ff466d9c4f261c3979bc5924ecaa85fc0
X-Git-Refname: refs/heads/next
X-Git-Reftype: branch
X-Git-Oldrev: a62e10de4a55883f5377c12f35df321dab7f5614
X-Git-Newrev: 1bf8788ff466d9c4f261c3979bc5924ecaa85fc0
Message-Id: <4Zx5jJ3Dx1z2yLX@people01.haj.ipfire.org>
Date: Mon, 12 May 2025 17:11:00 +0000 (UTC)
From: Michael Tremer <git@ipfire.org>
Precedence: list
List-Id: <ipfire-scm.lists.ipfire.org>
List-Subscribe: <https://lists.ipfire.org/>,
 <mailto:ipfire-scm+subscribe@lists.ipfire.org?subject=subscribe>
List-Unsubscribe: <https://lists.ipfire.org/>,
 <mailto:ipfire-scm+unsubscribe@lists.ipfire.org?subject=unsubscribe>
List-Post: <mailto:ipfire-scm@lists.ipfire.org>
List-Help: <mailto:ipfire-scm+help@lists.ipfire.org?subject=help>
Sender: <ipfire-scm@lists.ipfire.org>
Mail-Followup-To: <ipfire-scm@lists.ipfire.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, next has been updated
       via  1bf8788ff466d9c4f261c3979bc5924ecaa85fc0 (commit)
      from  a62e10de4a55883f5377c12f35df321dab7f5614 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 1bf8788ff466d9c4f261c3979bc5924ecaa85fc0
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Mon May 12 17:08:18 2025 +0000

    OpenVPN: Add auth-user-pass to the client configuration
    
    Since we are doing a fake user authentication to get 2FA going, we need
    to explicitley enable this. Usually clients were happy without this, but
    somewhere it must have changed recently that clients require this set
    explicitely.
    
    Fixes: #13109 - openVPN, 2FA - client does not ask for One Time Token
    Reported-by: Heino Gutschmidt <heino.gutschmidt@managedhosting.de>
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

-----------------------------------------------------------------------

Summary of changes:
 config/rootfiles/core/196/filelists/files | 1 +
 html/cgi-bin/ovpnmain.cgi                 | 1 +
 2 files changed, 2 insertions(+)

Difference in files:
diff --git a/config/rootfiles/core/196/filelists/files b/config/rootfiles/core/196/filelists/files
index 70a9b7cfc..1be17a342 100644
--- a/config/rootfiles/core/196/filelists/files
+++ b/config/rootfiles/core/196/filelists/files
@@ -1,2 +1,3 @@
+srv/web/ipfire/cgi-bin/ovpnmain.cgi
 srv/web/ipfire/cgi-bin/pakfire.cgi
 var/ipfire/langs/list
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 20f256f4b..92a72d753 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -2326,6 +2326,7 @@ else
     print CLIENTCONF "auth-nocache\r\n";
 
     # Set a fake user name for authentication
+    print CLIENTCONF "auth-user-pass\r\n";
     print CLIENTCONF "auth-token-user USER\r\n";
     print CLIENTCONF "auth-token TOTP\r\n";
 


hooks/post-receive
--
IPFire 2.x development tree