OpenVPN User with New Phone, How to Reset Google Authenticator

We have a pretty standard OpenVPN setup for some of our users. One of them just got a new phone, and although the trasfer brought over his Google Authenticator app and the code still shows, it no longer works with OpenVPN. This article explains how to resolve this.

Easy, I thought – we just need that QR code which adds OpenVPN into the Google Authenticator app, and he’ll be back up and running. Wrong.

It seems that once the user is up and running, becuase Authenticator is tied to the device, it still thinks it’s ready for action on the old device, and so there is no way to display the original QR code.

So, the user account within OpenVPN needs authentication resetting. This then tells OpenVPN to display a new QR code, and the app can then be configured correctly.

It’s simple enough – SSH into the OpenVPN system, then type the following, replacing <USERNAME> with the user’s login id that you wish to rest.

cd /usr/local/openvpn_as/scripts/
sudo ./sacli --user <USERNAME> GoogleAuthRegen

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: