From 2aece2fee3788438c4f42a606b36e9dca7ff819c Mon Sep 17 00:00:00 2001 From: Nicholas Tay Date: Wed, 19 Oct 2022 21:20:00 +1100 Subject: [PATCH] security/openconnect: add support for OTP token generation (#2980) --- security/openconnect/pkg-descr | 2 ++ .../OPNsense/Openconnect/forms/general.xml | 12 ++++++++++++ .../mvc/app/models/OPNsense/Openconnect/General.xml | 12 ++++++++++++ .../templates/OPNsense/Openconnect/openconnect.conf | 6 ++++++ 4 files changed, 32 insertions(+) diff --git a/security/openconnect/pkg-descr b/security/openconnect/pkg-descr index 192eda933..b71d60958 100644 --- a/security/openconnect/pkg-descr +++ b/security/openconnect/pkg-descr @@ -8,6 +8,8 @@ Plugin Changelog 1.4.3 + +* Add support for one-time password generation * Permit additional characters in group name 1.4.2 diff --git a/security/openconnect/src/opnsense/mvc/app/controllers/OPNsense/Openconnect/forms/general.xml b/security/openconnect/src/opnsense/mvc/app/controllers/OPNsense/Openconnect/forms/general.xml index 2631072a6..0e13339b8 100644 --- a/security/openconnect/src/opnsense/mvc/app/controllers/OPNsense/Openconnect/forms/general.xml +++ b/security/openconnect/src/opnsense/mvc/app/controllers/OPNsense/Openconnect/forms/general.xml @@ -47,6 +47,18 @@ dropdown Select the client certificate to use. + + general.tokenmode + + dropdown + Use a one-time password generation mode. + + + general.tokensecret + + text + Enter a secret to use with one-time password generation. + general.protocol diff --git a/security/openconnect/src/opnsense/mvc/app/models/OPNsense/Openconnect/General.xml b/security/openconnect/src/opnsense/mvc/app/models/OPNsense/Openconnect/General.xml index 033edd54c..647d9accd 100644 --- a/security/openconnect/src/opnsense/mvc/app/models/OPNsense/Openconnect/General.xml +++ b/security/openconnect/src/opnsense/mvc/app/models/OPNsense/Openconnect/General.xml @@ -47,6 +47,18 @@ cert N + + N + + RSA SecurID + TOTP + HOTP + OpenIDConnect + + + + N + anyconnect N 
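Review bot: The `general.tokensecret` field added in forms/general.xml is declared with type `text`, so the OTP seed is rendered in clear on the settings page every time it is opened. This value is the long-lived secret from which every one-time code is derived, so it should be handled like a password: use the form type `password` instead of `text` for this field. The field markup is only partly visible in this hunk, so the exact element is not quoted here.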
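Review bot: The new `tokensecret` entry in models/General.xml appears to carry only a not-required setting and no content validation; the field markup is not fully visible in this hunk, so this is inferred. The value is later written verbatim into openconnect.conf as `token-secret=...`, so a value containing a line break would add further lines to that file. Unless the field type already rejects control characters, a mask such as `<Mask>/^[^\r\n]*$/</Mask>` on the field would rule that out. It would also help to validate that a secret is present when the selected token mode needs one, instead of accepting a mode on its own.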
diff --git a/security/openconnect/src/opnsense/service/templates/OPNsense/Openconnect/openconnect.conf b/security/openconnect/src/opnsense/service/templates/OPNsense/Openconnect/openconnect.conf
index 626091fad..e076e5e65 100644
--- a/security/openconnect/src/opnsense/service/templates/OPNsense/Openconnect/openconnect.conf
+++ b/security/openconnect/src/opnsense/service/templates/OPNsense/Openconnect/openconnect.conf
@@ -19,6 +19,12 @@ authgroup={{ OPNsense.openconnect.general.group }}
 certificate=/usr/local/etc/openconnect_cert.pem
 sslkey=/usr/local/etc/openconnect_key.pem
 {% endif %}
+{% if helpers.exists('OPNsense.openconnect.general.tokenmode') and OPNsense.openconnect.general.tokenmode != '' %}
+{% if helpers.exists('OPNsense.openconnect.general.tokensecret') and OPNsense.openconnect.general.tokensecret != '' %}
+token-mode={{ OPNsense.openconnect.general.tokenmode }}
+token-secret={{ OPNsense.openconnect.general.tokensecret }}
+{% endif %}
+{% endif %}
 {% if helpers.exists('OPNsense.openconnect.general.protocol') and OPNsense.openconnect.general.protocol != '' %}
 protocol={{ OPNsense.openconnect.general.protocol }}
 {% endif %}
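Review bot: The added `token-secret={{ OPNsense.openconnect.general.tokensecret }}` line writes the OTP seed in plain text into the rendered openconnect.conf, and nothing in this hunk shows the owner or mode of that file. Anyone who can read the file can derive valid one-time codes, so it should be confirmed that the rendered target is readable by root only. A template comment above the block, such as `{# token-secret is a long-lived credential: keep the rendered file root-only #}`, would record that requirement. Separately, the inner `if` also suppresses `token-mode` when the secret is empty, so a mode selected without a secret is silently ignored. If any mode is meant to work without an explicit secret, `token-mode` should be emitted from the outer block.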